Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 12/04/2010 Updated: 22/04/2010

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder prior to 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x prior to 6.5.4 build 246459, VMware Player 2.5.x prior to 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote malicious users to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware movie_decoder 6.5.3
vmware workstation 6.5.0
vmware workstation 6.5.3
vmware workstation 6.5.1
vmware workstation 6.5.2
vmware player 2.5.3
vmware player 2.5.1
vmware player 2.5.2
vmware player 2.5
vmware server 2.0.1
vmware server 2.0.2
vmware server 2.0.0

CWE-119 http://www.vmware.com/security/advisories/VMSA-2010-0007.html http://secunia.com/advisories/39206 http://secunia.com/advisories/36712 http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://secunia.com/secunia_research/2009-36/http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://secunia.com/advisories/39215 http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://www.securityfocus.com/bid/39363 http://osvdb.org/63614 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866 http://www.securitytracker.com/id?1023838 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-1564

Vulnerability Summary

References

Vulmon Search

About

Products

Connect