Heap-based Buffer Overflow in VMware Movie Decoder
CVE-2009-1564

Currently unrated

Key Information:

Vendor: Vmware
Status: Movie Decoder
Vendor: CVE Published:; 12 April 2010

Summary

The vulnerability in the VMnc media codec used by the VMware Movie Decoder potentially allows attackers to execute arbitrary code on affected Windows systems. By crafting malicious AVI files with specially designed video chunks encoded in HexTile format, remote attackers can exploit the overflow, compromising security and system integrity. Users of VMware Workstation 6.5.x, VMware Player 2.5.x, and VMware Server 2.x must apply the relevant updates to mitigate this risk.

References

http://secunia.com/advisories/39206

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/63614

vdb-entryx_refsource_OSVDB

http://lists.vmware.com/pipermail/security-announce/2010/...

mailing-listx_refsource_MLIST

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 12, 2010
Vulnerability Reserved
May 6, 2009