Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 12/04/2010 Updated: 22/04/2010

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

vmnc.dll in the VMnc media codec in VMware Movie Decoder prior to 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x prior to 6.5.4 build 246459, VMware Player 2.5.x prior to 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote malicious users to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware movie_decoder 6.5.3
vmware workstation 6.5.2
vmware workstation 6.5.3
vmware workstation 6.5.0
vmware workstation 6.5.1
vmware player 2.5.2
vmware player 2.5.3
vmware player 2.5
vmware player 2.5.1
vmware server 2.0.0
vmware server 2.0.1
vmware server 2.0.2

CWE-119 http://secunia.com/secunia_research/2009-37/http://secunia.com/advisories/39206 http://secunia.com/advisories/36712 http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://secunia.com/advisories/39215 http://www.vmware.com/security/advisories/VMSA-2010-0007.html http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://www.osvdb.org/63615 http://www.securityfocus.com/bid/39364 http://www.securitytracker.com/id?1023838 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-1565

Vulnerability Summary

References

Vulmon Search

About

Products

Connect