| Vulnerability Name: | CVE-2009-2628 (CCN-53096) | ||||||||
| Assigned: | 2009-09-05 | ||||||||
| Published: | 2009-09-05 | ||||||||
| Updated: | 2018-10-10 | ||||||||
| Summary: | The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-94 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-2628 Source: CCN Type: VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues Source: MLIST Type: Patch [security-announce] 20090904 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues. Source: CCN Type: SA34938 VMware Workstation Movie Decoder VMnc Codec Two Vulnerabilities Source: SECUNIA Type: Vendor Advisory 34938 Source: CCN Type: US-CERT VU#444513 VMware VMnc AVI video codec image height heap overflow Source: CCN Type: US-CERT Vulnerability Note VU#444513 VMware VMnc AVI video codec image height heap overflow Source: CERT-VN Type: US Government Resource VU#444513 Source: CCN Type: OSVDB ID: 57836 VMware Workstation Movie Decoder VMnc Codec (vmnc.dll) Crafted AVI File Handling Memory Corruption Source: BUGTRAQ Type: UNKNOWN 20090905 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues. Source: BID Type: Patch 36290 Source: CCN Type: BID-36290 VMware Movie Decoder VMnc Codec Multiple Heap Overflow Vulnerabilities Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2009-0012.html Source: VUPEN Type: Vendor Advisory ADV-2009-2553 Source: XF Type: UNKNOWN vmware-movie-decoder-video-bo(53096) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||