CVE-2009-3732

Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html	Broken Link
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html	Broken Link
http://lists.vmware.com/pipermail/security-announce/2010/000090.html	Mailing List Patch Vendor Advisory
http://secunia.com/advisories/39110	Not Applicable
http://security.gentoo.org/glsa/glsa-201209-25.xml	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0007.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:vmware:ace::::::::
	cpe:2.3:a:vmware:ace:2.6:::::::*
	cpe:2.3:a:vmware:player::::::::
	cpe:2.3:a:vmware:player:3.0:::::::*
	cpe:2.3:a:vmware:server::::::::
	cpe:2.3:a:vmware:workstation::::::::
	cpe:2.3:a:vmware:workstation:7.0:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

15 Jun 2022, 15:46

Type	Values Removed	Values Added
CPE	cpe:2.3:a:vmware:vmrc:::::::: cpe:2.3:a:vmware:esxi::::::::	cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:vmware:player:3.0:::::::* cpe:2.3:a:vmware:workstation:7.0:::::::* cpe:2.3:a:vmware:player:::::::: cpe:2.3:a:vmware:workstation:::::::: cpe:2.3:a:vmware:ace:2.6:::::::* cpe:2.3:a:vmware:ace::::::::
References	~~(GENTOO) http://security.gentoo.org/glsa/glsa-201209-25.xml -~~	(GENTOO) http://security.gentoo.org/glsa/glsa-201209-25.xml - Third Party Advisory
References	~~(FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html -~~	(FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html - Broken Link
References	~~(BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html -~~	(BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html - Broken Link
References	~~(MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000090.html - Patch, Vendor Advisory~~	(MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000090.html - Mailing List, Patch, Vendor Advisory
References	~~(SECUNIA) http://secunia.com/advisories/39110 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/39110 - Not Applicable

Information

Published : 2010-04-12 18:30

Updated : 2024-02-04 17:54

NVD link : CVE-2009-3732

Mitre link : CVE-2009-3732

CVE.ORG link : CVE-2009-3732

JSON object : View

Products Affected

microsoft

windows

vmware

workstation
server
player
ace

CWE

CWE-134

Use of Externally-Controlled Format String

10.0 /10