CVE-2009-3732

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-3732
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html Broken Link
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html Broken Link
http://lists.vmware.com/pipermail/security-announce/2010/000090.html Mailing List Patch Vendor Advisory
http://secunia.com/advisories/39110 Not Applicable
http://security.gentoo.org/glsa/glsa-201209-25.xml Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0007.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

15 Jun 2022, 15:46

Type Values Removed Values Added
First Time Vmware ace
Vmware player
Vmware workstation
Microsoft
Microsoft windows
CPE cpe:2.3:a:vmware:vmrc:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esxi:*:*:*:*:*:*:*:*		 cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*
References (SECUNIA) http://secunia.com/advisories/39110 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/39110 - Not Applicable
References (MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000090.html - Patch, Vendor Advisory (MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000090.html - Mailing List, Patch, Vendor Advisory
References (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html - (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html - Broken Link
References (GENTOO) http://security.gentoo.org/glsa/glsa-201209-25.xml - (GENTOO) http://security.gentoo.org/glsa/glsa-201209-25.xml - Third Party Advisory
References (FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html - (FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html - Broken Link
Information

Published : 2010-04-12 18:30

Updated : 2023-12-10 11:03

NVD link : CVE-2009-3732

Mitre link : CVE-2009-3732

CVE.ORG link : CVE-2009-3732

JSON object : View

Products Affected

vmware

  • player
  • server
  • workstation
  • ace

microsoft

  • windows
CWE
CWE-134

Use of Externally-Controlled Format String