The host is installed with the VMware OVF Tool 2.1 or VMware Workstation 8.x before 8.0.5 or VMware Player 4.x before 4.0.5 on Windows and is prone to format string vulnerability. A flaw is present in the application, which fails to properly handle a crafted OVF file. Successful exploitation allows user-assisted remote attackers to execute arbitrary code.