CVE-2009-2628

The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.vmware.com/pipermail/security-announce/2009/000065.html	Patch
http://secunia.com/advisories/34938	Vendor Advisory
http://www.kb.cert.org/vuls/id/444513	US Government Resource
http://www.securityfocus.com/archive/1/506286/100/0/threaded
http://www.securityfocus.com/bid/36290	Patch
http://www.vmware.com/security/advisories/VMSA-2009-0012.html	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/2553	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:ace:2.5.0:::::::*
	cpe:2.3:a:vmware:ace:2.5.1:::::::*
	cpe:2.3:a:vmware:ace:2.5.2:::::::*
	cpe:2.3:a:vmware:movie_decoder:6.5.3:::::::*
	cpe:2.3:a:vmware:player:2.5:::::::*
	cpe:2.3:a:vmware:player:2.5.1:::::::*
	cpe:2.3:a:vmware:player:2.5.2:::::::*
	cpe:2.3:a:vmware:workstation:6.5:::::::*
	cpe:2.3:a:vmware:workstation:6.5.0:::::::*
	cpe:2.3:a:vmware:workstation:6.5.1:::::::*
	cpe:2.3:a:vmware:workstation:6.5.2:::::::*

History

No history.

Information

Published : 2009-09-08 22:30

Updated : 2023-12-10 10:51

NVD link : CVE-2009-2628

Mitre link : CVE-2009-2628

CVE.ORG link : CVE-2009-2628

JSON object : View

Products Affected

vmware

player
workstation
ace
movie_decoder

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2009-2628", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-09-08T22:30:00.483", "references": [{"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html", "tags": ["Patch"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/34938", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/444513", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded", "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/36290", "tags": ["Patch"], "source": "cret@cert.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html", "tags": ["Patch", "Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2009/2553", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption."}, {"lang": "es", "value": "El codec multimedia VMnc en vmnc.dll en VMware Movie Decoder anterior a v6.5.3 build 185404, VMware Workstation v6.5.x anterior a v6.5.3 build 185404, VMware Player v2.5.x anterior a v2.5.3 build 185404 y VMware ACE v2.5.x anterior a v2.5.3 build 185404 sobre Windows, no maneja adecuadamente determinados tama\u00f1os de altura en el contenido de video, lo que podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo AVI manipulado que provocar\u00eda un corrupci\u00f3n de memoria."}], "lastModified": "2018-10-10T19:41:03.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886"}, {"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528"}, {"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473"}, {"criteria": "cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE79F3F7-A21A-4CAA-BB0D-2955299EE8E0"}, {"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02"}, {"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC"}, {"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D"}, {"criteria": "cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFC6B629-30B3-4C45-B5E9-1B4310F186FD"}, {"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F"}, {"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627"}, {"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}