VMware Products Multiple Vulnerabilities (Win) Sep09 Network Vulnerability

Summary

The host is installed with VMWare products and are prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attacker to cause a heap-based buffer overflow via a specially crafted video file with mismatched dimensions. Impact Level: System/Application

Solution

Upgrade your VMWares according to the below link. http://lists.vmware.com/pipermail/security-announce/2009/000065.html

Insight

The multiple flaws are due to, - An heap overflow error in the VMnc codec (vmnc.dll) when processing a video file with mismatched dimension. - An heap corruption error in the VMnc codec (vmnc.dll) when processing a video with a height of less than 8 pixels.

Affected

VMware Workstation versions prior to 6.5.3 Build 185404 VMware Player versions prior to 2.5.3 build 185404

References

http://secunia.com/secunia_research/2009-25/
http://www.kb.cert.org/vuls/id/444513
http://www.vmware.com/security/advisories/VMSA-2009-0012.html
http://www.vupen.com/english/advisories/2009/2553

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0199, CVE-2009-2628
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader 'mailListIsPdf' Buffer Overflow Vulnerability (Linux)
Audacity Buffer Overflow Vulnerability (Win)
avast! 'aswRdr.sys' Buffer Overflow Vulnerability
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Mac OS X)
Asterisk HTTP Manager Buffer Overflow Vulnerability

VMware Products Multiple Vulnerabilities (Win) sep09

Take action and discover your vulnerabilities