CVE-2009-3732
VMware Remote Console e.x.p build-158248 - Format String
- Severity Score: 9.8 (CVSS v3)
- Exploit Likelihood (EPSS)
- Affected Versions (CPE)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.
The VMware Remote Console Plug-in can be installed from the web interface of VMware vSphere. This software consists of ActiveX objects and executable files for the remote console of a guest OS. VMrc is vulnerable to format string attacks. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed.
*Credits:
N/A
Timeline
- 2009-10-20 CVE Reserved
- 2010-04-10 CVE Published
- 2010-04-12 First Exploit
- 2024-08-07 CVE Updated
- 2025-06-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-134: Use of Externally-Controlled Format String
References (7)
URL | Tag | Source |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | Broken Link | |
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | Broken Link | |
http://secunia.com/advisories/39110 | Not Applicable | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/12188 | 2010-04-12 | |

URL | Date | SRC |
---|---|---|
http://lists.vmware.com/pipermail/security-announce/2010/000090.html | 2023-01-24 | |
http://www.vmware.com/security/advisories/VMSA-2010-0007.html | 2023-01-24 | |

URL | Date | SRC |
---|---|---|
http://security.gentoo.org/glsa/glsa-201209-25.xml | 2023-01-24 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Vmware | Ace | >= 2.5.0 < 2.5.4 | - | Affected | in | Microsoft | Windows | - | - | Safe |
Vmware | Ace | 2.6 | - | Affected | in | Microsoft | Windows | - | - | Safe |
Vmware | Player | >= 2.5.0 < 2.5.4 | - | Affected | in | Microsoft | Windows | - | - | Safe |
Vmware | Player | 3.0 | - | Affected | in | Microsoft | Windows | - | - | Safe |
Vmware | Server | >= 2.0.0 <= 2.0.2 | - | Affected | in | Microsoft | Windows | - | - | Safe |
Vmware | Workstation | >= 6.5.0 < 6.5.4 | - | Affected | in | Microsoft | Windows | - | - | Safe |
Vmware | Workstation | 7.0 | - | Affected | in | Microsoft | Windows | - | - | Safe |