VMware VMnc AVI video codec image height heap overflow


"Several VMware products include the ability to create and play movies
of running virtual machines. The codec used in these movies is called
VMnc, which is based on the VNC RFB protocol. The VMnc decoder is
provided by the file vmnc.dll. The VMnc codec fails to properly handle
video content with a specified height of less than 8 pixels. This flaw
can lead to heap memory corruption. The vulnerable code in vmnc.dll may
be reached via Windows applications that supports the DirectShow API."

"This issue is addressed in VMware Movie Decoder 6.5.3, Workstation
6.5.3, Player 6.5.3, and ACE 2.5.3. Details for obtaining these versions
are available in VMware Security Advisory VMSA-2009-0012."

"If you are unable to apply an update, this vulnerability can be
mitigated by removing the vmnc.dll file. Note that this will prevent a
system from being able to play VMnc codec AVI files."

Severity 4: This vulnerability poses a risk to a user, or smaller group.
If left unfixed, it could grow larger or spread to other groups/users.

Priority 3: This vulnerability has not yet been exploited at the
Institute. The probability of exploitation is medium and there may be
discussion about the vulnerability in security circles.