CVE-2010-4294:movie_decoder, workstation, player, server: The frame decompression functionality in the VMnc m...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-4294

movie_decoder, workstation, player, server: The frame decompression functionality in the VMnc m...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4294

Original

The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial ...

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-12-06

Source Information Category:

Advisory, Alert

Last Updated:

2010-12-07

Affected Product Tags

cpe:/a:vmware:movie_decoder:6.5.3

cpe:/a:vmware:movie_decoder:6.5.4 and previous versions

cpe:/a:vmware:movie_decoder:7

cpe:/a:vmware:player:2.5

cpe:/a:vmware:player:2.5.1

cpe:/a:vmware:player:2.5.2

cpe:/a:vmware:player:2.5.2_build_156735

cpe:/a:vmware:player:2.5.3

cpe:/a:vmware:player:2.5.4

cpe:/a:vmware:player:3.0

cpe:/a:vmware:player:3.0.1

cpe:/a:vmware:player:3.1

cpe:/a:vmware:player:3.1.1

cpe:/a:vmware:server:2.0.0

cpe:/a:vmware:server:2.0.1

cpe:/a:vmware:server:2.0.2

cpe:/a:vmware:workstation:6.5

cpe:/a:vmware:workstation:6.5.0

cpe:/a:vmware:workstation:6.5.1

cpe:/a:vmware:workstation:6.5.2

cpe:/a:vmware:workstation:6.5.2_build_156735

cpe:/a:vmware:workstation:6.5.3

cpe:/a:vmware:workstation:6.5.4

cpe:/a:vmware:workstation:7.0

cpe:/a:vmware:workstation:7.0.1

cpe:/a:vmware:workstation:7.1

cpe:/a:vmware:workstation:7.1.1

cpe:/o:microsoft:windows

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://www.vmware.com/security/advisories/VMSA-2010-0018.html

MLIST [security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues

Vulnerability Type Input Validation (CWE-20)