CVE-2009-3732 — HIGH (10.0)

Q: What is CVE-2009-3732?

CVE-2009-3732 is a vulnerability with a CVSS score of 10.0 (HIGH). Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.

Q: How severe is CVE-2009-3732?

CVE-2009-3732 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3732?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Ace, Vmware Player, Vmware Server, Vmware Workstation, Microsoft Windows.

Vulnerability Description

Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Vmware	Ace	>= 2.5.0, < 2.5.4
Vmware	Player	>= 2.5.0, < 2.5.4
Vmware	Server	>= 2.0.0, <= 2.0.2
Vmware	Workstation	>= 6.5.0, < 6.5.4
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-134

References

http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.htmlBroken Link
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.htmlBroken Link
http://lists.vmware.com/pipermail/security-announce/2010/000090.htmlMailing ListPatchVendor Advisory
http://secunia.com/advisories/39110Not Applicable
http://security.gentoo.org/glsa/glsa-201209-25.xmlThird Party Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0007.htmlPatchVendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.htmlBroken Link
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.htmlBroken Link
http://lists.vmware.com/pipermail/security-announce/2010/000090.htmlMailing ListPatchVendor Advisory
http://secunia.com/advisories/39110Not Applicable
http://security.gentoo.org/glsa/glsa-201209-25.xmlThird Party Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0007.htmlPatchVendor Advisory

FAQ

What is CVE-2009-3732?

CVE-2009-3732 is a vulnerability with a CVSS score of 10.0 (HIGH). Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.

How severe is CVE-2009-3732?

CVE-2009-3732 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3732?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Ace, Vmware Player, Vmware Server, Vmware Workstation, Microsoft Windows.