Rapid7 Vulnerability & Exploit Database

VMware Player: VMware VMnc Codec heap overflow vulnerabilities (VMSA-2010-0007) (CVE-2009-1564)

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

VMware Player: VMware VMnc Codec heap overflow vulnerabilities (VMSA-2010-0007) (CVE-2009-1564)

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

04/12/2010

Created

07/25/2018

Added

11/30/2013

Modified

05/27/2016

Description

Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.

Solution(s)

vmware-player-upgrade-2_5_4

References

https://attackerkb.com/topics/cve-2009-1564
39363
CVE - 2009-1564
Category I
V0023997
2010-A-0066
http://www.vmware.com/security/advisories/VMSA-2010-0007.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

VMware Player: VMware VMnc Codec heap overflow vulnerabilities (VMSA-2010-0007) (CVE-2009-1564)

VMware Player: VMware VMnc Codec heap overflow vulnerabilities (VMSA-2010-0007) (CVE-2009-1564)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.