CVE-2009-1564

Currently unrated

Key Information:

Vendor: Vmware
Status: Movie Decoder
Vendor: CVE Published:; 12 April 2010

Summary

Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.

References

http://secunia.com/advisories/39206

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/63614

vdb-entryx_refsource_OSVDB

http://lists.vmware.com/pipermail/security-announce/2010/...

mailing-listx_refsource_MLIST

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 12, 2010
Vulnerability Reserved
May 6, 2009