Detections
Analytics
VMware Movie Decoder < 9.0 Path Subversion Arbitrary DLL Injection Code Execution (VMSA-2012-0014)
medium Nessus Plugin ID 63113
Language:
Synopsis
The movie decoder installed on the remote Windows host is affected by a DLL loading vulnerability.Description
The version of VMware Movie Decoder installed on the remote host is earlier than 9.0 and is, therefore, affected by a DLL loading vulnerability.This issue potentially allows for a local attacker to execute custom code by writing a malicious executable into the same directory as the VMware Movie Installer.
Solution
Upgrade to VMware Movie Decoder 9.0 or later.See Also
https://www.vmware.com/security/advisories/VMSA-2012-0014.html
http://lists.vmware.com/pipermail/security-announce/2012/000192.html
Plugin Details
Severity: Medium
ID: 63113
File Name: vmware_movie_decoder_9_0.nasl
Version: 1.3
Type: local
Agent: windows
Family: Windows
Published: 11/30/2012
Updated: 8/6/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Temporal Score: 5.1
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:vmware:movie_decoder
Required KB Items: SMB/VMware Movie Decoder/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 10/4/2012
Vulnerability Publication Date: 10/4/2012
Reference Information
CVE: CVE-2012-4897
BID: 55802
VMSA: 2012-0014