cve-2010-4294
Vulnerability from cvelistv5
Published
2010-12-06 21:00
Modified
2024-08-07 03:43
Severity ?
Summary
The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T03:43:14.430Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.vmware.com/pipermail/security-announce/2010/000112.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
               },
               {
                  name: "45169",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/45169",
               },
               {
                  name: "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/514995/100/0/threaded",
               },
               {
                  name: "69596",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/69596",
               },
               {
                  name: "1024819",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1024819",
               },
               {
                  name: "42482",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42482",
               },
               {
                  name: "ADV-2010-3116",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/3116",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2010-12-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-10T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.vmware.com/pipermail/security-announce/2010/000112.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
            },
            {
               name: "45169",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/45169",
            },
            {
               name: "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/514995/100/0/threaded",
            },
            {
               name: "69596",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/69596",
            },
            {
               name: "1024819",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1024819",
            },
            {
               name: "42482",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42482",
            },
            {
               name: "ADV-2010-3116",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/3116",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2010-4294",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
                     refsource: "MLIST",
                     url: "http://lists.vmware.com/pipermail/security-announce/2010/000112.html",
                  },
                  {
                     name: "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
                     refsource: "CONFIRM",
                     url: "http://www.vmware.com/security/advisories/VMSA-2010-0018.html",
                  },
                  {
                     name: "45169",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/45169",
                  },
                  {
                     name: "20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/514995/100/0/threaded",
                  },
                  {
                     name: "69596",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/69596",
                  },
                  {
                     name: "1024819",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1024819",
                  },
                  {
                     name: "42482",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/42482",
                  },
                  {
                     name: "ADV-2010-3116",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2010/3116",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2010-4294",
      datePublished: "2010-12-06T21:00:00",
      dateReserved: "2010-11-18T00:00:00",
      dateUpdated: "2024-08-07T03:43:14.430Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:movie_decoder:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.5.5\", \"matchCriteriaId\": \"88CDD5BD-D31E-4C47-81B6-674DD61263CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE79F3F7-A21A-4CAA-BB0D-2955299EE8E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:movie_decoder:6.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91A02B59-86A1-4C48-AF2D-A7A05B9B75EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:movie_decoder:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B55938DF-073D-4D0E-822B-B6D122511EF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:movie_decoder:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6375DE2F-5D82-432F-8C2E-1AD5590801EE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E8F3BFF-676B-4E2C-98BA-DCA71E49060F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3E658DA-56E8-49F0-B486-4EF622B63627\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"541D77A2-99C5-4CDB-877F-7E83E1E3369E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6B53C0A-5A0C-4168-8AD3-F3E957AE8919\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3684F0D0-B8BE-442B-AA27-0A485E6BFFAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A172221-19AB-4F7D-AA28-94AD5A6EFBF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB33DBC9-3B63-457E-A353-B9E7378211AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF53DB66-4C79-47BB-AABD-6DCE2EF98E1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13A31E93-7671-492E-A78F-89CF4703B04D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99ADA116-A571-4788-8DF2-09E8A2AF92F4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE944A70-CB9C-4712-9802-509531396A02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62DA49FA-6657-45B5-BF69-D3A03BA62A4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"949C3917-4D7E-4B51-A872-BFBECB4D2CB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"656039E8-8082-4208-B046-518D95769B25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:2.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80003D5E-B63F-4635-94ED-706375A4F86F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F747AC1-E163-41A4-BAC7-FDF46F4057D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A115959-9CDA-45ED-9002-BA1A31074E81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C158CD97-41BA-4422-9A55-B1A8650A0900\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"477D5F22-7DDD-461D-9CD1-2B2A968F6CB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C174C452-7249-4B26-9F26-DFE9B3476874\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A2543D5-AE09-4E90-B27E-95075BE4ACBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6CFDD84-A482-42C2-B43F-839F4D7F1130\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E565F23-AEEE-41A4-80EC-01961AD5560E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.\"}, {\"lang\": \"es\", \"value\": \"La funcionalidad de descompresi\\u00f3n de tramas (\\\"frames\\\") en el codec VMnc media de VMware Movie Decoder en versiones anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548, VMware Workstation 6.5.x anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548 en Windows, VMware Player 2.5.x anteriores a la 2.5.5 build 246459 y 3.x anteriores a la 3.1.2 build 301548 en Windows, y VMware Server 2.x en Windows no valida apropiadamente un campo de tama\\u00f1o sin especificar, lo que permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n o provocar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de la memoria din\\u00e1mica) a trav\\u00e9s de un archivo de v\\u00eddeo modificado.\"}]",
         id: "CVE-2010-4294",
         lastModified: "2024-11-21T01:20:37.520",
         metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
         published: "2010-12-06T21:05:49.373",
         references: "[{\"url\": \"http://lists.vmware.com/pipermail/security-announce/2010/000112.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/69596\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42482\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/514995/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/45169\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1024819\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2010-0018.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3116\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2010/000112.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/69596\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42482\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/514995/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/45169\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1024819\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2010-0018.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3116\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
         sourceIdentifier: "cve@mitre.org",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2010-4294\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-12-06T21:05:49.373\",\"lastModified\":\"2024-11-21T01:20:37.520\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.\"},{\"lang\":\"es\",\"value\":\"La funcionalidad de descompresión de tramas (\\\"frames\\\") en el codec VMnc media de VMware Movie Decoder en versiones anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548, VMware Workstation 6.5.x anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548 en Windows, VMware Player 2.5.x anteriores a la 2.5.5 build 246459 y 3.x anteriores a la 3.1.2 build 301548 en Windows, y VMware Server 2.x en Windows no valida apropiadamente un campo de tamaño sin especificar, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de la memoria dinámica) a través de un archivo de vídeo modificado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:movie_decoder:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.5.5\",\"matchCriteriaId\":\"88CDD5BD-D31E-4C47-81B6-674DD61263CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE79F3F7-A21A-4CAA-BB0D-2955299EE8E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:movie_decoder:6.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91A02B59-86A1-4C48-AF2D-A7A05B9B75EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:movie_decoder:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B55938DF-073D-4D0E-822B-B6D122511EF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:movie_decoder:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6375DE2F-5D82-432F-8C2E-1AD5590801EE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E8F3BFF-676B-4E2C-98BA-DCA71E49060F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3E658DA-56E8-49F0-B486-4EF622B63627\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"541D77A2-99C5-4CDB-877F-7E83E1E3369E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6B53C0A-5A0C-4168-8AD3-F3E957AE8919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3684F0D0-B8BE-442B-AA27-0A485E6BFFAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A172221-19AB-4F7D-AA28-94AD5A6EFBF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB33DBC9-3B63-457E-A353-B9E7378211AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF53DB66-4C79-47BB-AABD-6DCE2EF98E1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13A31E93-7671-492E-A78F-89CF4703B04D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99ADA116-A571-4788-8DF2-09E8A2AF92F4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE944A70-CB9C-4712-9802-509531396A02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62DA49FA-6657-45B5-BF69-D3A03BA62A4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"949C3917-4D7E-4B51-A872-BFBECB4D2CB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"656039E8-8082-4208-B046-518D95769B25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80003D5E-B63F-4635-94ED-706375A4F86F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F747AC1-E163-41A4-BAC7-FDF46F4057D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A115959-9CDA-45ED-9002-BA1A31074E81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C158CD97-41BA-4422-9A55-B1A8650A0900\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477D5F22-7DDD-461D-9CD1-2B2A968F6CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C174C452-7249-4B26-9F26-DFE9B3476874\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A2543D5-AE09-4E90-B27E-95075BE4ACBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6CFDD84-A482-42C2-B43F-839F4D7F1130\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E565F23-AEEE-41A4-80EC-01961AD5560E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000112.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/69596\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42482\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/514995/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/45169\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1024819\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0018.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3116\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000112.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/69596\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42482\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/514995/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/45169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024819\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3116\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.