Secunia Research has discovered two vulnerabilities in multiple VMWare products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by two integer truncation errors in vmnc.dll when processing HexTile encoded video chunks and can be exploited to cause heap-based buffer overflows. Successful exploitation may allow execution of arbitrary code by tricking a user into opening a specially crafted AVI file.
2dfce36a8cb16e4454aed3c8b3138b1e05a792d019a2fc275906b4da34add4a7