PT-2010-1261 · VMware · VMware Server+3
Published: 2010-04-12 · Updated: 2010-04-22 · CVE-2009-1565
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
VMware Movie Decoder versions prior to 6.5.4 Build 246459
VMware Workstation versions prior to 6.5.4 build 246459
VMware Player versions prior to 2.5.4 build 246459
VMware Server versions prior to 2.x on Windows
Description
The issue allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to integer truncation errors.
Recommendations
For VMware Movie Decoder versions prior to 6.5.4 Build 246459, update to version 6.5.4 Build 246459 or later.
For VMware Workstation versions prior to 6.5.4 build 246459, update to version 6.5.4 build 246459 or later.
For VMware Player versions prior to 2.5.4 build 246459, update to version 2.5.4 build 246459 or later.
For VMware Server versions prior to 2.x on Windows, update to a version that is not affected by this issue.
Fix
RCE
Buffer Overflow
Affected Products
VMware Movie Decoder
VMware Player
VMware Server
VMware Workstation