VMware Movie Decoder Vulnerability in Multiple VMware Products
CVE-2010-4294

Currently unrated

Key Information:

Vendor: Vmware
Status: Movie Decoder
Vendor: CVE Published:; 6 December 2010

Summary

The VMnc media codec within VMware Movie Decoder fails to validate the size field adequately. This vulnerability can be exploited by remote attackers who craft a specific video file, potentially enabling arbitrary code execution or leading to a denial of service through heap memory corruption. This flaw affects multiple VMware products on Windows, making it critical for users to update their installations to the latest versions to mitigate risk.

References

http://lists.vmware.com/pipermail/security-announce/2010/...

mailing-listx_refsource_MLIST

http://www.vmware.com/security/advisories/VMSA-2010-0018....

x_refsource_CONFIRM

http://www.securityfocus.com/bid/45169

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Dec 6, 2010
Vulnerability Reserved
Nov 18, 2010