Heap-Based Buffer Overflow in VMware Workstation, Player, ACE, and Server
CVE-2009-0910

Currently unrated

Key Information:

Vendor: Vmware
Status: Ace; Player; Workstation; Server
Vendor: CVE Published:; 6 April 2009

Summary

A heap-based buffer overflow vulnerability exists in the VNnc Codec of multiple VMware products, allowing remote attackers to execute arbitrary code. This exploitation can occur when a user accesses a specially crafted web page or video file, which triggers the overflow. Users are advised to upgrade to the latest versions of the affected products to mitigate the associated risks.

References

http://security.gentoo.org/glsa/glsa-201209-25.xml

vendor-advisoryx_refsource_GENTOO

http://seclists.org/fulldisclosure/2009/Apr/0036.html

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/34373

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 6, 2009
Vulnerability Reserved
Mar 14, 2009