|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-Disclosure] Format string flaw in VMWare Workstation 4.5.2 build-8848.
From: Reed Arvin (reedarvin
gmail.com)
Date: Mon Nov 29 2004 - 09:45:01 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Summary:
Just a simple, low to no risk format string flaw in VMWare Workstation.
Details:
Running vmware.exe from the command line with certain arguments
produces a message box that contains various data stored in memory.
Vulnerable Versions:
VMWare Workstation 4.5.2 build-8848
Solutions:
The vendor was notified. There was no response.
Exploit:
Run the following command from the command prompt:
vmware.exe %x%x%x%x
Discovered by Reed Arvin reedarvin[at]gmail[dot]com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]