Vulnerability in Microsoft Windows
CVE-2012-3569
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafte…
EPSS: 0.806 (99.2th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Windows
- Vmware Ovf_tool — versions 2.1
- Vmware Player — versions 4.0, 4.0.0.18997, 4.0.1
- Vmware Workstation — versions 8.0, 8.0.0.18997, 8.0.1
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- vmware-ovf-format-string(79922) (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- 87117 (x_refsource_OSVDB, vdb-entry)
- 51240 (x_refsource_SECUNIA, third-party-advisory)
Frequently asked questions
- What is CVE-2012-3569?
- CVE-2012-3569 is a vulnerability in Microsoft Windows, classified under Use of Externally-Controlled Format String. Published 2012-11-14.
- Is CVE-2012-3569 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.