PT-2010-1260 · VMware · VMware Server+4

Published: 2010-04-12 · Updated: 2010-04-22 · CVE-2009-1564

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

VMware Movie Decoder versions prior to 6.5.4 Build 246459
VMware Workstation versions prior to 6.5.4 build 246459
VMware Player versions prior to 2.5.4 build 246459
VMware Server versions prior to 2.x on Windows

Description

The issue is related to a heap-based buffer overflow in the vmnc.dll component of the VMnc media codec. This can be exploited by remote attackers through an AVI file containing crafted video chunks that utilize HexTile encoding, potentially allowing the execution of arbitrary code.

Recommendations

For VMware Movie Decoder versions prior to 6.5.4 Build 246459, update to version 6.5.4 Build 246459 or later.
For VMware Workstation versions prior to 6.5.4 build 246459, update to version 6.5.4 build 246459 or later.
For VMware Player versions prior to 2.5.4 build 246459, update to version 2.5.4 build 246459 or later.
For VMware Server versions prior to 2.x on Windows, update to a version that is not affected by this issue.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2009-1564

Affected products

VMware Movie Decoder
VMware Player
VMware Server
VMware Workstation
vmnc.dll