Heap-based Buffer Overflow Vulnerability in VMware Movie Decoder
CVE-2009-1565

Currently unrated

Key Information:

Vendor: Vmware
Status: Movie Decoder
Vendor: CVE Published:; 12 April 2010

Summary

A security vulnerability exists in the VMnc media codec utilized by VMware Movie Decoder, affecting several versions of VMware Workstation, Player, and Server. Exploiting this flaw involves crafting an AVI file containing specially designed HexTile-encoded video chunks, leading to a heap-based buffer overflow. This could potentially allow remote attackers to execute arbitrary code on the affected system, posing a significant risk to users running vulnerable versions of these VMware products.

References

http://secunia.com/advisories/39206

third-party-advisoryx_refsource_SECUNIA

http://lists.vmware.com/pipermail/security-announce/2010/...

mailing-listx_refsource_MLIST

http://secunia.com/advisories/36712

third-party-advisoryx_refsource_SECUNIA

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 12, 2010
Vulnerability Reserved
May 6, 2009