vulnerable installations of multiple VMWare products. User interaction
is required in that a user must visit a malicious web page or open a
malicious video file.
Upon installation, VMWare Workstation, Server, Player, and ACE register
vmnc.dll as a video codec driver to handle compression and decompression
of the fourCC type 'VMnc'. This format is used primarily by Workstation
to capture remote framebuffer recordings of sessions within a virtual
machine. The resulting video is stored within an AVI container file.
While playing back such files, the function responsible for handling
ICM_DECOMPRESS driver messages implicitly trusts a size value while
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 08, 2009
I. BACKGROUND
Indeo Video is a video codec developed by Intel and included in
Microsoft Windows. For more information about the Indeo codec, please
visit the following website:
http://ligos.com/index.php/home/products/indeo/
II. DESCRIPTION
possibly allowing for the remote execution of arbitrary code.
Background
==========
Xvid is a popular open source video codec licensed under the GPL.
Affected packages
=================
-------------------------------------------------------------------
- the Vorbis audio codec
- the Ogg container implementation
- the FF Video 1 codec
- the MPEG audio codec
- the H264 video codec
- the MOV container implementation
- the Oggedc container implementation
For the stable distribution (lenny), these problems have been fixed in
version 0.svn20080206-18+lenny1.
vulnerable installations of multiple VMWare products. User interaction
is required in that a user must visit a malicious web page or open a
malicious video file.
Upon installation, VMWare Workstation, Server, Player, and ACE register
vmnc.dll as a video codec driver to handle compression and decompression
of the fourCC type 'VMnc'. This format is used primarily by Workstation
to capture remote framebuffer recordings of sessions within a virtual
machine. The resulting video is essentially a recorded session of VNC's
RFB protocol. In VMWare's implementation the stream consists solely of
FrameBufferUpdate messages (message type 0). However, if the message
vulnerable installations of Apple QuickTime. User interaction is
required to exploit this vulnerability in that the target must open a
malicious file.
The specific flaw exists in the handling of movie data encoded using the
Cinepak Video Codec. When parsing the data in the MDAT atom, there
exists a signedness error which leads to a heap overflow. When this
occurs it can be further leveraged to execute arbitrary code under the
context of the current user.
-- Vendor Response: