PT-2009-3498 · Vmware · Vmware Server+3

Aaron Portnoy

Published

2009-04-06

Updated

2017-09-29

CVE-2009-0910

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 6.5.x through 6.5.1 VMware Player versions 2.5.x through 2.5.1 VMware ACE versions 2.5.x through 2.5.1 VMware Server versions 2.0.x through 2.0.0

Description A heap-based buffer overflow in the VNnc Codec allows remote attackers to execute arbitrary code via a crafted web page or video file.

Recommendations For VMware Workstation versions 6.5.x through 6.5.1, update to build 156735 or later. For VMware Player versions 2.5.x through 2.5.1, update to build 156735 or later. For VMware ACE versions 2.5.x through 2.5.1, update to build 156735 or later. For VMware Server versions 2.0.x through 2.0.0, update to build 156745 or later.

Exploit

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-0910

Affected Products

Vmware Ace

Vmware Player

Vmware Server

Vmware Workstation

PT-2009-3498 · Vmware · Vmware Server+3

CVE-2009-0910

Weakness Enumeration

Related Identifiers

Affected Products

References · 10