CVE-2009-2628

{"id": "CVE-2009-2628", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-09-08T22:30:00.483", "references": [{"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html", "tags": ["Patch"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/34938", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/444513", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded", "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/36290", "tags": ["Patch"], "source": "cret@cert.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html", "tags": ["Patch", "Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2009/2553", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34938", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/444513", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/36290", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/2553", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption."}, {"lang": "es", "value": "El codec multimedia VMnc en vmnc.dll en VMware Movie Decoder anterior a v6.5.3 build 185404, VMware Workstation v6.5.x anterior a v6.5.3 build 185404, VMware Player v2.5.x anterior a v2.5.3 build 185404 y VMware ACE v2.5.x anterior a v2.5.3 build 185404 sobre Windows, no maneja adecuadamente determinados tama\u00f1os de altura en el contenido de video, lo que podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo AVI manipulado que provocar\u00eda un corrupci\u00f3n de memoria."}], "lastModified": "2024-11-21T01:05:20.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886"}, {"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528"}, {"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473"}, {"criteria": "cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE79F3F7-A21A-4CAA-BB0D-2955299EE8E0"}, {"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02"}, {"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC"}, {"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D"}, {"criteria": "cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFC6B629-30B3-4C45-B5E9-1B4310F186FD"}, {"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F"}, {"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627"}, {"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}