CVE-2010-4294

critical VMware
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
6.1%
Exploitation probability in 30 days
Top 9% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: December 6, 2010 (5638 days ago)
Last Modified: April 29, 2026
Vendor: VMware
Source: NVD

Description

The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.

CWE

CWE-94

Affected Products

vmware movie decodervmware workstationvmware playervmware server

References

🔗 lists.vmware.com 🔗 osvdb.org 🔗 secunia.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com