VMware OVF Tool 2.1 File Handling Format String Vulnerability (VMSA-2012-0015)

High Nessus Plugin ID 63075


The remote Windows host has a tool installed that is affected by a format string vulnerability.


The version of the VMware OVF Tool installed on the remote Windows host is potentially affected by a format string vulnerability. By tricking a user into loading a specially crafted OVF file a remote, unauthenticated attacker could execute arbitrary code on the remote host subject to the privileges of the user running the affected application.


Upgrade to VMware OVF Tool 3.0.1 or later.

See Also



Plugin Details

Severity: High

ID: 63075

File Name: vmware_ovftool_vmsa_2012-0015.nasl

Version: 1.11

Type: local

Agent: windows

Family: Windows

Published: 2012/11/28

Updated: 2018/11/15

Dependencies: 63074

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:ovf_tool

Required KB Items: SMB/VMware OVF Tool/Path, SMB/VMware OVF Tool/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/11/08

Vulnerability Publication Date: 2012/11/08

Exploitable With

Core Impact

Metasploit (VMWare OVF Tools Format String Vulnerability)

Reference Information

CVE: CVE-2012-3569

BID: 56468

VMSA: 2012-0015