CVE-2009-0909

CWE-119 — Buffer Overflow4 documents4 sources

Severity

9.3CRITICAL

EPSS

3.9%

top 11.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ACE Vmware Player Vmware Server +1 more

Timeline

PublishedApr 6

Latest updateMay 2

Description

Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDvmware/player2.5.1

▶NVDvmware/server2.0

▶NVDvmware/workstation6.5.1

▶NVDvmware/ace2.5.1

Patches

Patch: lists.vmware.com ↗Patch: seclists.org ↗Patch: lists.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-pwwh-5hg7-cxj9: Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6↗2022-05-02

▶

CVEList

CVE-2009-0909: Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6↗2009-04-06

▶