CVE-2009-0909

Currently unrated

Key Information:

Vendor: Vmware
Status: Ace; Player; Workstation; Server
Vendor: CVE Published:; 6 April 2009

Summary

Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.

References

http://security.gentoo.org/glsa/glsa-201209-25.xml

vendor-advisoryx_refsource_GENTOO

http://seclists.org/fulldisclosure/2009/Apr/0036.html

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/34373

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 6, 2009
Vulnerability Reserved
Mar 14, 2009