1 results (0.002 seconds)

CVSS: 9.3EPSS: 96%CPEs: 15EXPL: 2

Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file. Vulnerabilidad de formato de cadena en VMware OVF Tool v2.1 en Windows, tal y como se utiliza en VMware Workstation v8x antes de v8.0.5, v4.x VMware Player antes de v4.0.5, y otros productos, permite ejecutar código de su elección a atacantes remotos asistidos por un usuario local a través de un archivo OVF debidamente modificado. • https://www.exploit-db.com/exploits/24461 https://www.exploit-db.com/exploits/24460 http://osvdb.org/87117 http://packetstormsecurity.com/files/120101/VMWare-OVF-Tools-Format-String.html http://secunia.com/advisories/51240 http://technet.microsoft.com/en-us/security/msvr/msvr13-002 http://www.vmware.com/security/advisories/VMSA-2012-0015.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79922 • CWE-134: Use of Externally-Controlled Format String •