Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Format string flaw in VMWare Workstation 4.5.2 build-8848.
From: "BillyBob" <billybobknob () hotmail com>
Date: Sun, 5 Dec 2004 18:53:40 -0400

I tried it on that version inside an XP (no SP) system and it did not work


----- Original Message -----
From: "Reed Arvin" <reedarvin () gmail com>
To: <full-disclosure () lists netsys com>
Sent: Monday, November 29, 2004 11:45 AM
Subject: [Full-disclosure] Format string flaw in VMWare Workstation 4.5.2
build-8848.


Summary:
Just a simple, low to no risk format string flaw in VMWare Workstation.

Details:
Running vmware.exe from the command line with certain arguments
produces a message box that contains various data stored in memory.

Vulnerable Versions:
VMWare Workstation 4.5.2 build-8848

Solutions:
The vendor was notified.  There was no response.

Exploit:
Run the following command from the command prompt:

vmware.exe %x%x%x%x

Discovered by Reed Arvin reedarvin[at]gmail[dot]com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • Re: Format string flaw in VMWare Workstation 4.5.2 build-8848. BillyBob (Dec 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault