CVE-2009-0909

2009-04-0615:30:04

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-0909

vmware

buffer overflow

remote code execution

web page

video file

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.057 Low

EPSS

Percentile

93.4%

JSON

Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.

Affected configurations

NVD

Node

vmwareaceMatch2.5.1

vmwareplayerMatch2.5.1

vmwareserverMatch2.0

vmwareworkstationMatch6.5.1

CPENameOperatorVersion
vmware:acevmware aceeq2.5.1
vmware:playervmware playereq2.5.1
vmware:servervmware servereq2.0
vmware:workstationvmware workstationeq6.5.1