Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-4294 | First vendor Publication | 2010-12-06 |
Vendor | Cve | Last vendor Modification | 2018-10-10 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4294 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple securi... File : nvt/gb_VMSA-2010-0018.nasl |
2010-12-13 | Name : VMware Products Memory Corruption and Buffer Overflow Vulnerability (Win) File : nvt/gb_vmware_prdts_mem_corruption_n_bof_vuln_win.nasl |
2010-12-13 | Name : VMware Products Multiple Local Privilege Escalation Vulnerabilities (Linux) File : nvt/gb_vmware_prdts_mult_loc_prev_escl_vuln_lin.nasl |
2010-12-13 | Name : VMware Products Tools Local Privilege Escalation Vulnerability (Linux) File : nvt/gb_vmware_prdts_tools_loc_prev_escl_vuln_lin.nasl |
2010-12-13 | Name : VMware Products Tools Local Privilege Escalation Vulnerability (Windows) File : nvt/gb_vmware_prdts_tools_loc_prev_escl_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69596 | VMware Multiple Products VMnc Decoder Frame Decompression Memory Corruption A memory corruption flaw exists in VMWare Movie Decoder, Workstation, and Player. The decoder frame decompression of the VMnc codec fails to sanitize user-supplied input resulting in heap memory corruption. With a specially crafted file or page, a context-dependent attacker can execute arbitrary code. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-12-09 | IAVM : 2010-A-0168 - Multiple Vulnerabilities in VMware Products Severity : Category II - VMSKEY : V0025835 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0018_remote.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote host has an application that is affected by a security issue. File : macosx_fusion_2_0_8.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote host has an application that is affected by three security issues. File : macosx_fusion_3_1_2.nasl - Type : ACT_GATHER_INFO |
2010-12-07 | Name : The remote host has a virtualization application affected by multiple vulnera... File : vmware_multiple_vmsa_2010_0018.nasl - Type : ACT_GATHER_INFO |
2010-12-06 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0018.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2020-05-23 01:43:04 |
|
2020-05-23 00:26:56 |
|
2018-10-11 00:20:00 |
|
2016-06-28 18:22:51 |
|
2016-04-26 20:14:40 |
|
2014-02-17 10:58:39 |
|
2013-11-11 12:39:05 |
|
2013-05-10 23:37:16 |
|