CVE-2009-3707

MEDIUM Year: 2009
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-134
View all →

Vulnerability Description

VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.

Related Vulnerabilities

CVE-2010-3438

CRITICAL
CVSS:9.8(Critical)

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'priv...

CWE-1342010

CVE-2015-7271

CRITICAL
CVSS:9.8(Critical)

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.

CWE-1342015

CVE-2015-8617

CRITICAL
CVSS:9.8(Critical)

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a s...

CWE-1342015

CVE-2016-4448

CRITICAL
CVSS:9.8(Critical)

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

CWE-1342016

CVE-2016-5074

CRITICAL
CVSS:9.8(Critical)

CloudView NMS before 2.10a has a format string issue exploitable over SNMP.

CWE-1342016