iDefense Security Advisory 04.09.10 – Remote exploitation of a heap-based buffer overflow vulnerability in VMware Inc.’s movie decoder allows attackers to execute arbitrary code. This vulnerability exists due to a lack of input validation when processing certain specially crafted Audio-Video Interleave (AVI) files. During processing, a heap buffer will be allocated based on one part of the AVI file data. However, the amount of data copied into that buffer is calculated based on a different part of the file. This leads to an exploitable heap-based buffer overflow condition.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/88232/04.09.10-1.txt
Source: https://packetstormsecurity.com/files/88232/iDEFENSE-Security-Advisory-2010-04-09.1.html