CVE-2009-1564 : Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Wind

Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.

Published 2010-04-12 18:30:00

Updated 2010-04-22 05:33:45

Source Flexera Software LLC

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2009-1564

Probability of exploitation activity in the next 30 days: 27.13%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-1564

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-1564

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1564

http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html

CVEs referencing this url
http://www.securityfocus.com/bid/39363
http://lists.vmware.com/pipermail/security-announce/2010/000090.html

[Security-announce] VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

CVEs referencing this url
http://www.vmware.com/security/advisories/VMSA-2010-0007.html

VMSA-2010-0007.1
Vendor Advisory

CVEs referencing this url
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866
http://www.securitytracker.com/id?1023838

CVEs referencing this url
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html

CVEs referencing this url

Products affected by CVE-2009-1564

Vmware » Workstation » Version: 6.5.0
cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 6.5.1
cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 6.5.2
cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 6.5.3
cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 2.5
cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 2.5.1
cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 2.5.2
cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 2.5.3
cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*
Matching versions
Vmware » Server » Version: 2.0.0
cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Vmware » Server » Version: 2.0.1
cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Vmware » Server » Version: 2.0.2
cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Vmware » Movie Decoder » Version: 6.5.3
cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows

Vulnerability Details : CVE-2009-1564

Exploit prediction scoring system (EPSS) score for CVE-2009-1564

CVSS scores for CVE-2009-1564

CWE ids for CVE-2009-1564

References for CVE-2009-1564

Products affected by CVE-2009-1564