CVE-2010-4294
Summary
| CVE | CVE-2010-4294 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-12-06 21:05:49 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows | All | All | All | All |
| Application | Vmware | Movie Decoder | 6.5.3 | All | All | All |
| Application | Vmware | Movie Decoder | 6.5.4 | All | All | All |
| Application | Vmware | Movie Decoder | 7.0 | All | All | All |
| Application | Vmware | Movie Decoder | 7.1.2 | All | All | All |
| Application | Vmware | Movie Decoder | All | All | All | All |
| Application | Vmware | Workstation | 6.5.0 | All | All | All |
| Application | Vmware | Workstation | 6.5.1 | All | All | All |
| Application | Vmware | Workstation | 6.5.2 | All | All | All |
| Application | Vmware | Workstation | 6.5.3 | All | All | All |
| Application | Vmware | Workstation | 6.5.4 | All | All | All |
| Application | Vmware | Workstation | 6.5.5 | All | All | All |
| Application | Vmware | Workstation | 7.0 | All | All | All |
| Application | Vmware | Workstation | 7.0.1 | All | All | All |
| Application | Vmware | Workstation | 7.1 | All | All | All |
| Application | Vmware | Workstation | 7.1.1 | All | All | All |
| Application | Vmware | Workstation | 7.1.2 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| osvdb.org/69596 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | |
| VMSA-2010-0018 | af854a3a-2127-422b-91ae-364da2661108 | www.vmware.com | Vendor Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| [Security-announce] VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues | af854a3a-2127-422b-91ae-364da2661108 | lists.vmware.com | |
| VMware Movie Decoder VMnc Codec (CVE-2010-4294) Heap Memory Corruption Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| SecurityTracker.com Archives - VMware Movie Decoder Heap Overflow in Decompression Routine Lets Remote Users Execute Arbitrary Code | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| VMware Server Multiple Vulnerabilities - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.