Heap-based Buffer Overflow in VMware Movie Decoder and Workstation
CVE-2009-0199

Currently unrated

Key Information:

Vendor: Vmware
Status: Ace; Player; Workstation; Movie Decoder
Vendor: CVE Published:; 8 September 2009

Summary

A heap-based buffer overflow flaw exists in the VMnc media codec, specifically within vmnc.dll in multiple VMware products prior to specified versions. This vulnerability could potentially allow attackers to execute arbitrary code on an affected system by tricking users into opening specially crafted video files with manipulated dimensions or framebuffer parameters. As a result, it poses significant risks for systems running impacted VMware software.

References

http://lists.vmware.com/pipermail/security-announce/2009/...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/36290

vdb-entryx_refsource_BID

http://secunia.com/secunia_research/2009-25/

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 8, 2009
Vulnerability Reserved
Jan 20, 2009