CVE-2009-1564 Information

Description

Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459 VMware Player 2.5.x before 2.5.4 build 246459 and VMware Server 2.x on Windows allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.

Reference

http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=866 http://lists.vmware.com/pipermail/security-announce/2010/000090.html http://osvdb.org/63614 http://secunia.com/advisories/36712 http://secunia.com/advisories/39206 http://secunia.com/advisories/39215 http://secunia.com/secunia_research/2009-36/ http://www.securityfocus.com/bid/39363 http://www.securitytracker.com/id?1023838 http://www.vmware.com/security/advisories/VMSA-2010-0007.html