VMware Workstation Movie Decoder VMnc Codec Vulnerabilities
RISK: Medium Risk
Two vulnerabilities have been identified in VMware Workstation Movie Decoder, which could be exploited by attackers to potentially compromise a vulnerable system.
1. A heap overflow error in the VMnc codec (vmnc.dll) when processing a video file with mismatched dimensions, which could be exploited to potentially execute arbitrary code by tricking a user into opening a malicious video.
2. A heap corruption error in the VMnc codec (vmnc.dll) when processing a video with a height of less than 8 pixels, which could be exploited to potentially execute arbitrary code by tricking a user into opening a malicious video.
Impact
- Remote Code Execution
System / Technologies affected
- VMware Workstation Movie Decoder versions prior to 6.5.3 build 185404
- VMware Movie Decoder versions prior to 6.5.3 Build 185404
- VMware Workstation versions prior to 6.5.3 Build 185404
- VMware Player versions prior to 2.5.3 build 185404
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Upgrade to VMware Workstation Movie Decoder version 6.5.3 build 185404 :
http://download3.vmware.com/software/wkst/VMware-moviedecoder-6.5.3-185404.exeUpgrade to VMware Workstation version 6.5.3 build 185404 :
http://www.vmware.com/support/ws65/doc/releasenotes_ws653.htmlUpgrade to VMware Player version 6.5.3 build 185404 :
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe
Vulnerability Identifier
Source
Related Link
Share with