CVE-2009-0199

Currently unrated

Key Information:

Vendor: Vmware
Status: Ace; Player; Workstation; Movie Decoder
Vendor: CVE Published:; 8 September 2009

Summary

Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters).

References

http://lists.vmware.com/pipermail/security-announce/2009/...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/36290

vdb-entryx_refsource_BID

http://secunia.com/secunia_research/2009-25/

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 8, 2009
Vulnerability Reserved
Jan 20, 2009