9.3
CVE-2009-0199
- EPSS 10.86%
- Published 08.09.2009 22:30:00
- Last modified 09.04.2025 00:30:58
- Source PSIRT-CNA@flexerasoftware.com
- Teams watchlist Login
- Open Login
Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters).
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Movie Decoder Version6.5.3
VMware ≫ Workstation Version6.5
VMware ≫ Workstation Version6.5.0
VMware ≫ Workstation Version6.5.1
VMware ≫ Workstation Version6.5.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.86% | 0.927 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.