CVE-2009-0199 : Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware

Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters).

Published 2009-09-08 22:30:00

Updated 2018-10-11 21:00:52

Source Flexera Software LLC

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2009-0199

Probability of exploitation activity in the next 30 days: 13.77%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-0199

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-0199

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-0199

http://www.vmware.com/security/advisories/VMSA-2009-0012.html

Patch;Vendor Advisory

CVEs referencing this url
http://lists.vmware.com/pipermail/security-announce/2009/000065.html

Patch

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/2553

Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/506286/100/0/threaded

CVEs referencing this url
http://www.securityfocus.com/bid/36290

CVEs referencing this url

Products affected by CVE-2009-0199

Vmware » Workstation » Version: 6.5
cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 6.5.0
cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 6.5.1
cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 6.5.2
cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
Matching versions
Vmware » ACE » Version: 2.5.0
cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*
Matching versions
Vmware » ACE » Version: 2.5.1
cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*
Matching versions
Vmware » ACE » Version: 2.5.2
cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 2.5
cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 2.5.1
cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 2.5.2
cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 2.5.2 Build 156735
cpe:2.3:a:vmware:player:2.5.2_build_156735:*:*:*:*:*:*:*
Matching versions
Vmware » Movie Decoder » Version: 6.5.3
cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2009-0199

Exploit prediction scoring system (EPSS) score for CVE-2009-0199

CVSS scores for CVE-2009-0199

CWE ids for CVE-2009-0199

References for CVE-2009-0199

Products affected by CVE-2009-0199