CVE-2009-2628
VMware ACE, Player, Workstation, and Movie Decoder - Remote Code Execution via Crafted AVI File
The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption.
References (7)
Core References
Patch, mailing-list (x_refsource_mlist): http://lists.vmware.com/pipermail/security-announce/2009/000065.html
Patch, vdb-entry (x_refsource_bid): http://www.securityfocus.com/bid/36290
Third Party Advisory, VDB Entry, mailing-list (x_refsource_bugtraq): http://www.securityfocus.com/archive/1/506286/100/0/threaded
Vendor Advisory, vdb-entry (x_refsource_vupen): http://www.vupen.com/english/advisories/2009/2553
US Government Resource, third-party-advisory (x_refsource_cert-vn): http://www.kb.cert.org/vuls/id/444513
Vendor Advisory, third-party-advisory (x_refsource_secunia): http://secunia.com/advisories/34938
Patch, Vendor Advisory (x_refsource_confirm): http://www.vmware.com/security/advisories/VMSA-2009-0012.html
Scores
EPSS: 0.1564
EPSS Percentile: 94.8%
Details
CWE: CWE-94
Status: published
Products (11)
vmware/ace 2.5.0
vmware/ace 2.5.1
vmware/ace 2.5.2
vmware/movie_decoder 6.5.3
vmware/player 2.5
vmware/player 2.5.1
vmware/player 2.5.2
vmware/workstation 6.5
vmware/workstation 6.5.0
vmware/workstation 6.5.1
... and 1 more
Published: Sep 08, 2009
Tracked Since: Feb 18, 2026