CVE-2009-1565
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."
vmnc.dll en el codec multimedia VMnc anteriores a v6.5.4 Build 246459 en Windows, y el decodificados de video en VMware Workstation v6.5.x anteriores a v6.5.4 build 246459, VMware Player v2.5.x anteriores a v2.5.4 build 246459, y VMware Server v2.x en Windows, permite a atacantes remotos ejecutar código de forma arbitraria a traves de un fichero avi con trozos de vídeo codificado HexTile manipulado lo que inicia un desbordamiento de búfer de memoria dinámica, relacionado con los errores de truncado de entero.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-05-06 CVE Reserved
- 2010-04-10 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | Mailing List | |
| http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | Mailing List | |
| http://www.osvdb.org/63615 | Vdb Entry | |
| http://www.securityfocus.com/bid/39364 | Vdb Entry | |
| http://www.securitytracker.com/id?1023838 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.vmware.com/pipermail/security-announce/2010/000090.html | 2010-04-22 | |
| http://www.vmware.com/security/advisories/VMSA-2010-0007.html | 2010-04-22 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/36712 | 2010-04-22 | |
| http://secunia.com/advisories/39206 | 2010-04-22 | |
| http://secunia.com/advisories/39215 | 2010-04-22 | |
| http://secunia.com/secunia_research/2009-37 | 2010-04-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Movie Decoder Search vendor "Vmware" for product "Movie Decoder" | 6.5.3 Search vendor "Vmware" for product "Movie Decoder" and version "6.5.3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 2.0.0 Search vendor "Vmware" for product "Server" and version "2.0.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 2.0.1 Search vendor "Vmware" for product "Server" and version "2.0.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Vmware Search vendor "Vmware" | Server Search vendor "Vmware" for product "Server" | 2.0.2 Search vendor "Vmware" for product "Server" and version "2.0.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 6.5.0 Search vendor "Vmware" for product "Workstation" and version "6.5.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 6.5.1 Search vendor "Vmware" for product "Workstation" and version "6.5.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 6.5.2 Search vendor "Vmware" for product "Workstation" and version "6.5.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | 6.5.3 Search vendor "Vmware" for product "Workstation" and version "6.5.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | 2.5 Search vendor "Vmware" for product "Player" and version "2.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | 2.5.1 Search vendor "Vmware" for product "Player" and version "2.5.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | 2.5.2 Search vendor "Vmware" for product "Player" and version "2.5.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | 2.5.3 Search vendor "Vmware" for product "Player" and version "2.5.3" | - |
Affected
| ||||||