Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0909

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-0909
Last Modified 14 May 2013 10:55:03
Published 06 Apr 2009 11:30:04
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0909

Summary

Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.

Vulnerable Systems

Application

  • Vmware Ace 2.5.1

  • Vmware Player 2.5.1

  • Vmware Server 2.0

  • Vmware Workstation 6.5.1


References

FULLDISC - 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues

MLIST - [security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues

VUPEN - ADV-2009-0944

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0005.html

SECTRACK - 1021974

BID - 34373

GENTOO - GLSA-201209-25


Last Updated: 27 May 2016 11:02:24