RCE in Microsoft Windows

CVE-2010-4294

The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Wind…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.061 (90.9th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows
Vmware Movie_decoder — versions 7.0, 6.5.4, 6.5.3
Vmware Player — versions 2.5.2, 3.1.1, 3.1.2
Vmware Server — versions 2.0.1, 2.0.2, 2.0.0
Vmware Workstation — versions 7.0, 6.5.0, 7.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

[security-announce] 20101202 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
45169 (vdb-entry, x_refsource_BID)
20101203 VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues (mailing-list, x_refsource_BUGTRAQ)
69596 (x_refsource_OSVDB, vdb-entry)
1024819 (vdb-entry, x_refsource_SECTRACK)
42482 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
ADV-2010-3116 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)