CVE-2009-1565

VMware Movie Decoder - Remote Code Execution via Crafted HexTile-Encoded AVI Chunks

Title source: llm
STIX 2.1

Description

vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."

References (11)

Core 11
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39206
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36712
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/63615
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2009-37/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1023838
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39364
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39215
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html

Scores

EPSS 0.1692
EPSS Percentile 95.0%

Details

CWE
CWE-119
Status published
Products (12)
vmware/movie_decoder 6.5.3
vmware/player 2.5
vmware/player 2.5.1
vmware/player 2.5.2
vmware/player 2.5.3
vmware/server 2.0.0
vmware/server 2.0.1
vmware/server 2.0.2
vmware/workstation 6.5.0
vmware/workstation 6.5.1
... and 2 more
Published Apr 12, 2010
Tracked Since Feb 18, 2026