9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.6 High
AI Score
Confidence
Low
0.282 Low
EPSS
Percentile
96.9%
vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to βinteger truncation errors.β
archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
lists.vmware.com/pipermail/security-announce/2010/000090.html
secunia.com/advisories/36712
secunia.com/advisories/39206
secunia.com/advisories/39215
secunia.com/secunia_research/2009-37/
www.osvdb.org/63615
www.securityfocus.com/bid/39364
www.securitytracker.com/id?1023838
www.vmware.com/security/advisories/VMSA-2010-0007.html