Heap Memory Corruption in VMware Movie Decoder and Workstation
CVE-2009-2628

Currently unrated

Key Information:

Vendor: Vmware
Status: Ace; Player; Workstation; Movie Decoder
Vendor: CVE Published:; 8 September 2009

Summary

The VMware Movie Decoder's handling of small heights in video content within AVI files can be exploited by remote attackers. This exploitation can lead to arbitrary code execution through heap memory corruption when users process specially crafted video files.

References

http://lists.vmware.com/pipermail/security-announce/2009/...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/36290

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/506286/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 8, 2009
Vulnerability Reserved
Jul 28, 2009