9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.171 Low
EPSS
Percentile
96.1%
Several security issues resolved with the latest VMnc codec.The VMware movie decoder contains the VMnc media codec that isrequired to play back movies recorded with VMware Workstation,VMware Player and VMware ACE, in any compatible media player. Themovie decoder is installed as part of VMware Workstation, VMwarePlayer and VMware ACE, or can be downloaded as a stand alonepackage.Several vulnerabilities in the VMnc codec can be exploited to causeheap-based buffer overflows via specially crafted video filescontaining incorrect framebuffer parameters.For an attack to be successful the user must be tricked intovisiting a malicious web page or opening a malicious video file ona system that has the vulnerable version of the VMnc codec installed.VMware would like to thank Alin Rad Pop of Secunia Research andWill Dormann of the CERT/CC for reporting these issues and workingwith us on their remediation.The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the names CVE-2009-0199 and CVE-2009-2628 to theseissues.To remediate the above issues either install the stand alone moviedecoder or update your product using the table below.
CPE | Name | Operator | Version |
---|---|---|---|
movie decoder | eq | any | |
workstation | lt | 6.5.3 build 185404 | |
player | lt | 2.5.3 build 185404 |