HTTP: VMware Remote Console HOST and MOID Format String Code Execution
This signature detects attempts to exploit a known code execution vulnerability in VMware Remote Console (VMrc). It is due to a format string error in the VMrc browser plug-in on Windows-based platforms. This can allow remote attackers to execute arbitrary code by enticing the target user to open a maliciously crafted HTML document. In a successful attack, where arbitrary code is injected and executed on the target host, the behavior of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the logged in user. In an unsuccessful attack, a denial-of-service condition can occur on the target system.
Extended Description
VMware Remote Console is prone to a remote format string vulnerability. Successful exploits may allow an attacker to execute arbitrary code. Failed attacks may cause denial-of-service conditions. NOTE: This issue was previously covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities), but has been given its own record to better document it.
Affected Products
Vmware infrastructure_client_(vsphere)
Short Name
HTTP:STC:ACTIVEX:VMWARE-FS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-3732 Code Console Execution Format HOST MOID Remote String VMware and bid:39396
Release Date
10/13/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Vmware
CVSS Score
10.0