VMware Movie Decoder < 9.0 Path Subversion Arbitrary DLL Injection Code Execution (VMSA-2012-0014)

Medium Nessus Plugin ID 63113


The movie decoder installed on the remote Windows host is affected by a DLL loading vulnerability.


The version of VMware Movie Decoder installed on the remote host is earlier than 9.0 and is, therefore, affected by a DLL loading vulnerability.

This issue potentially allows for a local attacker to execute custom code by writing a malicious executable into the same directory as the VMware Movie Installer.


Upgrade to VMware Movie Decoder 9.0 or later.

See Also



Plugin Details

Severity: Medium

ID: 63113

File Name: vmware_movie_decoder_9_0.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2012/11/30

Modified: 2012/12/02

Dependencies: 63112

Risk Information

Risk Factor: Medium


Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:movie_decoder

Required KB Items: SMB/VMware Movie Decoder/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/10/04

Vulnerability Publication Date: 2012/10/04

Reference Information

CVE: CVE-2012-4897

BID: 55802

OSVDB: 85957

VMSA: 2012-0014