Summary
The host is installed with VMWare products and are prone to memory corruption and buffer overflow Vulnerability
Impact
Successful exploitation will allow attacker to corrupt heap memory by tricking a user into visiting a malicious website or playing a malicious file.
Impact Level: System/Application
Solution
upgrade workstation 6.5.5 build 328052 or 7.1.2 build 301548 http://www.vmware.com/products/ws/
Upgrade to VMware player 2.5.5 build 246459 and 3.1.2 build 301548 http://www.vmware.com/products/player/
For VMware Server version 2.x,
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
The flaw is due to the VMnc codec 'vmnc.dll' driver which does not properly verify the size when handling 'ICM_DECOMPRESS' driver messages, which can be exploited to corrupt heap memory.
Affected
VMware Server version 2.x
VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548
References
Severity
Classification
-
CVE CVE-2010-4294 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)
- Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
- Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)