CVE-2009-0909

critical VMware
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
3.9%
Exploitation probability in 30 days
Top 12% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: April 6, 2009 (6247 days ago)
Last Modified: April 23, 2026
Vendor: VMware
Source: NVD

Description

Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.

CWE

CWE-119

Affected Products

vmware acevmware playervmware servervmware workstation

References

🔗 lists.vmware.com 🔗 seclists.org 🔗 security.gentoo.org 🔗 www.securityfocus.com 🔗 www.securitytracker.com