CVE-2010-4294

Name of the Vulnerable Software and Affected Versions VMware Movie Decoder versions prior to 6.5.5 build 328052 and prior to 7.1.2 build 301548 VMware Workstation versions prior to 6.5.5 build 328052 and prior to 7.1.2 build 301548 VMware Player versions prior to 2.5.5 build 246459 and prior to 3.1.2 build 301548 VMware Server version 2.x

Description The issue is related to the frame decompression functionality in the VMnc media codec, which does not properly validate an unspecified size field. This allows remote attackers to execute arbitrary code or cause a denial of service via a crafted video file, resulting in heap memory corruption.

Recommendations For VMware Movie Decoder versions prior to 6.5.5 build 328052 and prior to 7.1.2 build 301548, update to version 6.5.5 build 328052 or 7.1.2 build 301548. For VMware Workstation versions prior to 6.5.5 build 328052 and prior to 7.1.2 build 301548, update to version 6.5.5 build 328052 or 7.1.2 build 301548. For VMware Player versions prior to 2.5.5 build 246459 and prior to 3.1.2 build 301548, update to version 2.5.5 build 246459 or 3.1.2 build 301548. For VMware Server version 2.x, update to a version that is not affected by this issue.