VMware Hosted Products Integer Truncation Multiple Heap Buffer Overflow Vulnerabilities

Bugtraq ID:	39364
Class:	Boundary Condition Error
CVE:	CVE-2009-1565
Remote:	Yes
Local:	No
Published:	Apr 09 2010 12:00AM
Updated:	Apr 09 2010 12:00AM
Credit:	iDefense, Sebastien Renaud of VUPEN Vulnerability Research Team and Alin Rad Pop of Secunia Research
Vulnerable:	VMWare Workstation 6.5.3 VMWare Workstation 6.5.2 VMWare Workstation 6.5.1 VMWare Workstation 6.5 build 118166 VMWare Server 2.0.2 Build 203138 VMWare Server 2.0.2 VMWare Server 2.0.1 build 156745 VMWare Server 2.0.1 VMWare Server 2.0 VMWare Player 2.5.3 VMWare Player 2.5.2 VMWare Player 2.5.1 VMWare Player 2.5 build 118166 VMWare Movie Decoder 6.5.4
Not Vulnerable:

VMware Hosted Products Integer Truncation Multiple Heap Buffer Overflow Vulnerabilities

Multiple VMware products are prone to multiple heap-based buffer-overflow vulnerabilities.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote Vulnerabilities) but has been assigned its own record to better document it.

VMware Hosted Products Integer Truncation Multiple Heap Buffer Overflow Vulnerabilities

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

VMware Hosted Products Integer Truncation Multiple Heap Buffer Overflow Vulnerabilities

Solution:
The vendor has released an advisory and patches. Please see the references for more information.

VMware Hosted Products Integer Truncation Multiple Heap Buffer Overflow Vulnerabilities

References:

• Secunia Research: VMWare VMnc Codec HexTile Encoding Two Integer Truncation Vuln (Secunia)
  
• VMware Homepage (VMware)