CVE-2009-1564
VMware Movie Decoder - Heap-based Buffer Overflow via Crafted AVI HexTile Video Chunks
Title source: llmDescription
Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.
References (12)
Core 12
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39206
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/63614
Various Sources mailing-list
x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2010/000090.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36712
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2010-0007.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/39363
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1023838
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39215
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2009-36/
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
Scores
EPSS
0.1720
EPSS Percentile
95.1%
Details
CWE
CWE-119
Status
published
Products (12)
vmware/movie_decoder
6.5.3
vmware/player
2.5
vmware/player
2.5.1
vmware/player
2.5.2
vmware/player
2.5.3
vmware/server
2.0.0
vmware/server
2.0.1
vmware/server
2.0.2
vmware/workstation
6.5.0
vmware/workstation
6.5.1
... and 2 more
Published
Apr 12, 2010
Tracked Since
Feb 18, 2026