Summary
The host has VMware products installed that are prone to multiple vulnerabilities.
Impact
Successful exploitation allows an attacker to cause a heap-based buffer overflow via a specially crafted video file with mismatched dimensions.
Impact Level: System/Application
Solution
Upgrade the affected VMware products as described in the advisory linked below.
http://lists.vmware.com/pipermail/security-announce/2009/000065.html
Insight
The flaws are due to:
- A heap overflow error in the VMnc codec (vmnc.dll) when processing a video file with mismatched dimensions.
- A heap corruption error in the VMnc codec (vmnc.dll) when processing a video with a height of less than 8 pixels.
Affected
- VMware Workstation versions prior to 6.5.3 Build 185404
- VMware Player versions prior to 2.5.3 build 185404
References
Severity
Classification
- CVE: CVE-2009-0199, CVE-2009-2628
- CVSS Base Score: 9.3
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)
- Adobe Flash Player Buffer Overflow Vulnerability (Mac OS X)
- Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
- avast! Multiple Vulnerabilities - Oct09 (Win)
- BreakPoint Software, Hex Workshop Buffer Overflow vulnerability