CVE-2009-1564
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.
Desbordamiento de búfer basado en pila en vmnc.dll en VMnc media codec en VMware Movie Decoder anterior a v6.5.4 build 246459 en Windows, y el descodificador de cine en VMware Workstation v6.5.x anterior a v6.5.4 build 246459, VMware Player v2.5.x anterior a v2.5.4 build 246459, y VMware Server v2.x en Windows, permite a atacantes remotos ejecutar código a su elección mediante un archivo AVI con trozos de vídeo manipulados que utilizan la codificación HexTile.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-05-06 CVE Reserved
- 2010-04-10 CVE Published
- 2024-07-15 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | Mailing List | |
| http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | Mailing List | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866 | Third Party Advisory | |
| http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Mailing List | |
| http://osvdb.org/63614 | Vdb Entry | |
| http://www.securityfocus.com/bid/39363 | Vdb Entry | |
| http://www.securitytracker.com/id?1023838 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/36712 | 2010-04-22 | |
| http://secunia.com/advisories/39206 | 2010-04-22 | |
| http://secunia.com/advisories/39215 | 2010-04-22 | |
| http://secunia.com/secunia_research/2009-36 | 2010-04-22 | |
| http://www.vmware.com/security/advisories/VMSA-2010-0007.html | 2010-04-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Movie Decoder Search vendor "Vmware" for product "Movie Decoder" | 6.5.3 Search vendor "Vmware" for product "Movie Decoder" and version "6.5.3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 2.0.0 Search vendor "Vmware" for product "Server" and version "2.0.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 2.0.1 Search vendor "Vmware" for product "Server" and version "2.0.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 2.0.2 Search vendor "Vmware" for product "Server" and version "2.0.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 6.5.0 Search vendor "Vmware" for product "Workstation" and version "6.5.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 6.5.1 Search vendor "Vmware" for product "Workstation" and version "6.5.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 6.5.2 Search vendor "Vmware" for product "Workstation" and version "6.5.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 6.5.3 Search vendor "Vmware" for product "Workstation" and version "6.5.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | 2.5 Search vendor "Vmware" for product "Player" and version "2.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | 2.5.1 Search vendor "Vmware" for product "Player" and version "2.5.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | 2.5.2 Search vendor "Vmware" for product "Player" and version "2.5.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | 2.5.3 Search vendor "Vmware" for product "Player" and version "2.5.3" | - |
Affected
| ||||||