[Forgot Password]
Login  Register Subscribe

25354

 
 

132804

 
 

134312

 
 

909

 
 

108836

 
 

152

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2010-4294Date: (C)2010-12-06   (M)2019-09-30


The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1024819
http://www.securityfocus.com/archive/1/archive/1/514995/100/0/threaded
SECUNIA-42482
BID-45169
OSVDB-69596
ADV-2010-3116
IAVM:2010-A-0168
http://lists.vmware.com/pipermail/security-announce/2010/000112.html
http://www.vmware.com/security/advisories/VMSA-2010-0018.html

CPE    30
cpe:/a:vmware:workstation:7.0.1
cpe:/a:vmware:workstation:7.0
cpe:/a:vmware:workstation:7.1
cpe:/a:vmware:server:2.0.2
...
CWE    1
CWE-94
OVAL    1
oval:org.secpod.oval:def:36849

© SecPod Technologies