CVSS: 9.3EPSS: 96%CPEs: 15EXPL: 2CVE-2012-3569 – VMware OVF Tools - Format String
https://notcve.org/view.php?id=CVE-2012-3569
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file. Vulnerabilidad de formato de cadena en VMware OVF Tool v2.1 en Windows, tal y como se utiliza en VMware Workstation v8x antes de v8.0.5, v4.x VMware Player antes de v4.0.5, y otros productos, permite ejecutar código de su elección a atacantes remotos asistidos por un usuario local a través de un archivo OVF debidamente modificado. • https://www.exploit-db.com/exploits/24461 https://www.exploit-db.com/exploits/24460 http://osvdb.org/87117 http://packetstormsecurity.com/files/120101/VMWare-OVF-Tools-Format-String.html http://secunia.com/advisories/51240 http://technet.microsoft.com/en-us/security/msvr/msvr13-002 http://www.vmware.com/security/advisories/VMSA-2012-0015.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79922 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.3EPSS: 0%CPEs: 14EXPL: 0CVE-2012-5458
https://notcve.org/view.php?id=CVE-2012-5458
VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application. VMware Workstation v8.x antes de v8.0.5 y VMware Player v4.x antes de v4.0.5 en Windows utiliza permisos débiles para hilos de proceso no especificados, lo que permite a los usuarios del sistema operativo de host para obtener privilegios del sistema operativo de host a través de una aplicación diseñada. • http://osvdb.org/87118 http://www.securityfocus.com/bid/56469 http://www.vmware.com/security/advisories/VMSA-2012-0015.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79924 • CWE-264: Permissions, Privileges, and Access Controls •