CVE-2010-4294

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICAL

EPSS

6.1%

top 9.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Movie Decoder Vmware Player Vmware Server +1 more

Timeline

PublishedDec 6

Latest updateMay 14

Description

The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of …

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDvmware/movie_decoder6.5.5+4

▶NVDvmware/player11 versions+10

▶NVDvmware/server2.0.0, 2.0.1, 2.0.2+2

▶NVDvmware/workstation11 versions+10

🔴Vulnerability Details

GHSA

GHSA-2q9v-9rr4-w95c: The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6↗2022-05-14

▶

CVEList

CVE-2010-4294: The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6↗2010-12-06

▶