Heap-based Buffer Overflow in VMware Movie Decoder and Workstation
CVE-2009-0199

Currently unrated

Key Information:

Vendor

Vmware
Status
Ace
Player
Workstation
Movie Decoder
Vendor
CVE Published:
8 September 2009

What is CVE-2009-0199?

A heap-based buffer overflow flaw exists in the VMnc media codec, specifically within vmnc.dll in multiple VMware products prior to specified versions. This vulnerability could potentially allow attackers to execute arbitrary code on an affected system by tricking users into opening specially crafted video files with manipulated dimensions or framebuffer parameters. As a result, it poses significant risks for systems running impacted VMware software.

References

http://lists.vmware.com/pipermail/security-announce/2009/...
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/36290
vdb-entryx_refsource_BID
http://secunia.com/secunia_research/2009-25/
x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.