CVE-2009-0909

HIGH

Description

Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.

References

http://lists.vmware.com/pipermail/security-announce/2009/000054.html

http://seclists.org/fulldisclosure/2009/Apr/0036.html

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://www.securityfocus.com/bid/34373

http://www.securitytracker.com/id?1021974

http://www.vmware.com/security/advisories/VMSA-2009-0005.html

http://www.vupen.com/english/advisories/2009/0944

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251

Details

Source: MITRE

Published: 2009-04-06

Updated: 2017-09-29

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*

Tenable Plugins

View all (3 total)

IDNameProductFamilySeverity
62383GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
40390VMSA-2009-0005 : VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issuesNessusVMware ESX Local Security Checks
high
36117VMware Products Multiple Vulnerabilities (VMSA-2009-0005/VMSA-2009-0007)NessusWindows
high