Executive Summary
Summary | |
---|---|
Title | Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986) |
Informations | |||
---|---|---|---|
Name | MS07-049 | First vendor Publication | 2007-08-14 |
Vendor | Microsoft | Last vendor Modification | 2007-08-14 |
Severity (Vendor) | Important | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
This important security update resolves one privately reported vulnerability. This is an elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating systems. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1259 | |||
Oval ID: | oval:org.mitre.oval:def:1259 | ||
Title: | Virtual PC and Virtual Server Heap Overflow Vulnerability | ||
Description: | Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-0948 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 | Product(s): | Microsoft Virtual Server 2005 Microsoft Virtual PC 2004 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36389 | Microsoft Virtual PC Guest Administrator Unspecified Local Privilege Escalation |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2007-08-16 | IAVM : 2007-T-0031 - Microsoft Virtual PC and Virtual Server Elevation of Privilege Vulnerability Severity : Category II - VMSKEY : V0014835 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-08-16 | Name : A user can elevate his privileges on the virtual system. File : smb_nt_ms07-049.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:45 |
|
2013-11-11 12:41:06 |
|
2013-05-11 12:22:03 |
|