Vulnerability CVE-2009-2628

Vulnerability CVE-2009-2628

Published: 2009-09-08 Modified: 2012-02-13

Description:

The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption.

See advisories in our WLB2 database:

	Topic	Author	Date
High	VMware Multiple - security issues	VMware Security ...	10.09.2009

Type:

CWE-94

(Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
9.3/10	10/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Vmware -> ACE
Vmware -> Movie decoder
Vmware -> Player
Vmware -> Workstation

References:

http://lists.vmware.com/pipermail/security-announce/2009/000065.html

http://www.kb.cert.org/vuls/id/444513

http://www.securityfocus.com/archive/1/506286/100/0/threaded

http://www.securityfocus.com/bid/36290

http://www.vmware.com/security/advisories/VMSA-2009-0012.html

http://www.vupen.com/english/advisories/2009/2553

Copyright 2024, cxsecurity.com