VMware Movie Decoder < 9.0 Path Subversion Arbitrary DLL Injection Code Execution (VMSA-2012-0014)

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The movie decoder installed on the remote Windows host is affected by a
DLL loading vulnerability.

Description :

The version of VMware Movie Decoder installed on the remote host is
earlier than 9.0 and is, therefore, affected by a DLL loading

This issue potentially allows for a local attacker to execute custom
code by writing a malicious executable into the same directory as the
VMware Movie Installer.

See also :


Solution :

Upgrade to VMware Movie Decoder 9.0 or later.

Risk factor :

Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 5.1
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 63113 ()

Bugtraq ID: 55802

CVE ID: CVE-2012-4897

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now