VMware OVF Tool Format String

Added: 03/15/2013
CVE: CVE-2012-3569
BID: 56468
OSVDB: 87117

Background

VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system.

Problem

The Windows variants of VMWare Workstation versions prior to 8.0.5, VMWare Player versions prior to 4.0.5, and VMWare OVFTool versions prior to 3.0.1 are vulnerable to a format string vulnerability. The vulnerability is due to improper handling of the value of the disk capacityAllocationUnits attribute in the OVF XML file.

Resolution

Update to the latest version of VMWare Workstation, Player, or OVF Tool.

References

http://www.vmware.com/security/advisories/VMSA-2012-0015.html
https://www.vmware.com/support/ws80/doc/releasenotes_workstation_805.html
https://www.vmware.com/support/player40/doc/releasenotes_player405.html

Limitations

This exploit has been tested against VMware OVF Tool 2.1 on Windows XP SP3 English (DEP OptIn).

Platforms

Windows

Back to exploit index