VMnc Media Codec Multiple Heap Overflows (VMSA-2009-0012)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by multiple
heap overflow vulnerabilities.

Description :

The VMnc media codec is installed on the remote host. The codec is
typically installed along with VMware Workstation, VMware Player or
VMware ACE, or on its own by installing the standalone VMware
Workstation Movie Decoder. It is required to play movies recorded with
VMware applications.

The installed version is affected by multiple heap-based buffer
overflow vulnerabilities. By tricking a user into opening a specially
crafted video file with incorrect framebuffer parameters, an attacker
may be able to exploit these vulnerabilities to trigger a denial of
service condition or execute arbitrary code on the remote system.

See also :

http://www.vmware.com/security/advisories/VMSA-2009-0012.html

Solution :

Upgrade to :

- VMware Workstation 6.5.3 or higher.
- VMware Player 2.5.3 or higher.
- VMware Movie Decoder 6.5.3 or higher (if used in standalone configuration).

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 40907

Bugtraq ID: 36290

CVE ID: CVE-2009-0199, CVE-2009-2628
