1. Home
  2. CVE Database
  3. CVE-2010-4294
HIGH · 9.3

CVE-2010-4294

The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 an...

Vulnerability Description

The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
VmwareMovie Decoder<= 6.5.5
MicrosoftWindowsAll versions
VmwareWorkstation6.5.0
VmwarePlayer2.5
VmwareServer2.0.0

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2010-4294?

CVE-2010-4294 is a vulnerability with a CVSS score of 9.3 (HIGH). The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 an...

How severe is CVE-2010-4294?

CVE-2010-4294 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-4294?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Movie Decoder, Microsoft Windows, Vmware Workstation, Vmware Player, Vmware Server.