CVE-2010-4294
Summary
| CVE | CVE-2010-4294 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-12-06 21:05:00 UTC |
| Updated | 2018-10-10 20:08:00 UTC |
| Description | The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows | All | All | All | All |
| Application | Vmware | Movie Decoder | 6.5.3 | All | All | All |
| Application | Vmware | Movie Decoder | 6.5.4 | All | All | All |
| Application | Vmware | Movie Decoder | 7.0 | All | All | All |
| Application | Vmware | Movie Decoder | 7.1.2 | All | All | All |
| Application | Vmware | Movie Decoder | All | All | All | All |
| Application | Vmware | Player | 2.5 | All | All | All |
| Application | Vmware | Player | 2.5.1 | All | All | All |
| Application | Vmware | Player | 2.5.2 | All | All | All |
| Application | Vmware | Player | 2.5.3 | All | All | All |
| Application | Vmware | Player | 2.5.4 | All | All | All |
| Application | Vmware | Player | 2.5.5 | All | All | All |
| Application | Vmware | Player | 3.0 | All | All | All |
| Application | Vmware | Player | 3.0.1 | All | All | All |
| Application | Vmware | Player | 3.1 | All | All | All |
| Application | Vmware | Player | 3.1.1 | All | All | All |
| Application | Vmware | Player | 3.1.2 | All | All | All |
| Application | Vmware | Server | 2.0.0 | All | All | All |
| Application | Vmware | Server | 2.0.1 | All | All | All |
| Application | Vmware | Server | 2.0.2 | All | All | All |
| Application | Vmware | Workstation | 6.5.0 | All | All | All |
| Application | Vmware | Workstation | 6.5.1 | All | All | All |
| Application | Vmware | Workstation | 6.5.2 | All | All | All |
| Application | Vmware | Workstation | 6.5.3 | All | All | All |
| Application | Vmware | Workstation | 6.5.4 | All | All | All |
| Application | Vmware | Workstation | 6.5.5 | All | All | All |
| Application | Vmware | Workstation | 7.0 | All | All | All |
| Application | Vmware | Workstation | 7.0.1 | All | All | All |
| Application | Vmware | Workstation | 7.1 | All | All | All |
| Application | Vmware | Workstation | 7.1.1 | All | All | All |
| Application | Vmware | Workstation | 7.1.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| VMware Movie Decoder VMnc Codec (CVE-2010-4294) Heap Memory Corruption Vulnerability | BID | www.securityfocus.com | |
| SecurityTracker.com Archives - VMware Movie Decoder Heap Overflow in Decompression Routine Lets Remote Users Execute Arbitrary Code | SECTRACK | www.securitytracker.com | |
| VMware Server Multiple Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| 69596 | OSVDB | osvdb.org | |
| VMSA-2010-0018 | CONFIRM | www.vmware.com | Vendor Advisory |
| [Security-announce] VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues | MLIST | lists.vmware.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.