CVE-2009-2628

Currently unrated

Key Information:

Vendor: Vmware
Status: Ace; Player; Workstation; Movie Decoder
Vendor: CVE Published:; 8 September 2009

Summary

The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption.

References

http://lists.vmware.com/pipermail/security-announce/2009/...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/36290

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/506286/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 8, 2009
Vulnerability Reserved
Jul 28, 2009