CVE-2009-0910: Buffer Overflow
First published: Mon Apr 06 2009(Updated: )
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ACE | =2.5.1 | |
| VMware Player | =2.5.1 | |
| VMware Workstation | =6.5.1 | |
| VMware Server | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.vmware.com/pipermail/security-announce/2009/000054.html
- http://seclists.org/fulldisclosure/2009/Apr/0036.html
- http://www.securityfocus.com/bid/34373
- http://www.securitytracker.com/id?1021974
- http://www.vmware.com/security/advisories/VMSA-2009-0005.html
- http://www.vupen.com/english/advisories/2009/0944
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/vmware
- canonical/vmware ace
- version/vmware ace/2.5.1
- canonical/vmware player
- version/vmware player/2.5.1
- canonical/vmware workstation
- version/vmware workstation/6.5.1
- canonical/vmware server
- version/vmware server/2.0