PT-2010-1260 · VMware · VMware Server +4
Published: 2010-04-12 · Updated: 2010-04-22 · CVE-2009-1564
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
VMware Movie Decoder versions prior to 6.5.4 Build 246459
VMware Workstation versions prior to 6.5.4 build 246459
VMware Player versions prior to 2.5.4 build 246459
VMware Server versions prior to 2.x on Windows
Description
A heap-based buffer overflow exists in vmnc.dll, a component of the VMnc media codec. Remote attackers can exploit it with an AVI file containing crafted video chunks that use HexTile encoding, potentially allowing the execution of arbitrary code.
Recommendations
For VMware Movie Decoder versions prior to 6.5.4 Build 246459, update to version 6.5.4 Build 246459 or later.
For VMware Workstation versions prior to 6.5.4 build 246459, update to version 6.5.4 build 246459 or later.
For VMware Player versions prior to 2.5.4 build 246459, update to version 2.5.4 build 246459 or later.
For VMware Server versions prior to 2.x on Windows, update to a version that is not affected by this issue.
Fix
RCE
Buffer Overflow
Affected Products
VMware Movie Decoder
VMware Player
VMware Server
VMware Workstation
vmnc.dll