VMnc Media Codec Multiple Heap Overflows (VMSA-2009-0012)
High Nessus Plugin ID 40907
SynopsisThe remote host contains an application that is affected by multiple heap overflow vulnerabilities.
DescriptionVMnc media codec is installed on the remote host. The codec is typically installed along with VMware Workstation, VMware Player, VMware ACE or in its standalone configuration by installing VMware Workstation Movie Decoder and is required to play movies recorded with VMware applications.
The installed version is affected by multiple heap-based buffer overflow vulnerabilities. By tricking an user into opening a specially crafted video file with incorrect framebuffer parameters, an attacker may be able to exploit these vulnerabilities to trigger a denial of service condition or execute arbitrary code on the remote system.
SolutionUpgrade to :
- VMware Workstation 6.5.3 or higher.
- VMware Player 2.5.3 or higher.
- VMware Movie Decoder 6.5.3 or higher (if used in standalone configuration).