CVE-2009-1565

vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/secunia_research/2009-37/	Vendor Advisory
http://secunia.com/advisories/39206	Vendor Advisory
http://secunia.com/advisories/36712	Vendor Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000090.html	Patch
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
http://secunia.com/advisories/39215	Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0007.html	Patch
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
http://www.osvdb.org/63615
http://www.securityfocus.com/bid/39364
http://www.securitytracker.com/id?1023838

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:vmware:workstation:6.5.2:::::::*
	cpe:2.3:a:vmware:workstation:6.5.3:::::::*
	cpe:2.3:a:vmware:workstation:6.5.0:::::::*
	cpe:2.3:a:vmware:workstation:6.5.1:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:vmware:player:2.5.2:::::::*
	cpe:2.3:a:vmware:player:2.5.3:::::::*
	cpe:2.3:a:vmware:player:2.5:::::::*
	cpe:2.3:a:vmware:player:2.5.1:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:vmware:server:2.0.0:::::::*
	cpe:2.3:a:vmware:server:2.0.1:::::::*
	cpe:2.3:a:vmware:server:2.0.2:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Information

Published : 2010-04-12 11:30

Updated : 2010-04-21 22:33

NVD link : CVE-2009-1565

Mitre link : CVE-2009-1565

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

microsoft

windows

vmware

movie_decoder
workstation
player
server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/secunia_research/2009-37/", "name": "http://secunia.com/secunia_research/2009-37/", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/39206", "name": "39206", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/36712", "name": "36712", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html", "name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "tags": ["Patch"], "refsource": "MLIST"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html", "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "tags": [], "refsource": "FULLDISC"}, {"url": "http://secunia.com/advisories/39215", "name": "39215", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", "name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html", "name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.osvdb.org/63615", "name": "63615", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/39364", "name": "39364", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1023838", "name": "1023838", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to \"integer truncation errors.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-1565", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2010-04-12T18:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-04-22T05:33Z"}

9.3 /10