PT-2009-5025 · Vmware · Vmware Player+3
Will Dormann
·
Publicado
2009-09-08
·
Atualizado
2018-10-10
·
CVE-2009-2628
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
VMware Movie Decoder versions prior to 6.5.3 build 185404
VMware Workstation versions prior to 6.5.3 build 185404
VMware Player versions prior to 2.5.3 build 185404
VMware ACE versions prior to 2.5.3 build 185404
Description
The issue arises from the VMnc media codec in vmnc.dll not properly handling certain small heights in video content. This could allow remote attackers to execute arbitrary code via a crafted AVI file, triggering heap memory corruption.
Recommendations
For VMware Movie Decoder versions prior to 6.5.3 build 185404, update to version 6.5.3 build 185404 or later.
For VMware Workstation versions prior to 6.5.3 build 185404, update to version 6.5.3 build 185404 or later.
For VMware Player versions prior to 2.5.3 build 185404, update to version 2.5.3 build 185404 or later.
For VMware ACE versions prior to 2.5.3 build 185404, update to version 2.5.3 build 185404 or later.
Correção
RCE
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Vmware Ace
Vmware Movie Decoder
Vmware Player
Vmware Workstation