Executive Summary

Summary
Title Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
Informations
Name MS07-049 First vendor Publication 2007-08-14
Vendor Microsoft Last vendor Modification 2007-08-14
Severity (Vendor) Important Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

This important security update resolves one privately reported vulnerability. This is an elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating systems. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1259
 
Oval ID: oval:org.mitre.oval:def:1259
Title: Virtual PC and Virtual Server Heap Overflow Vulnerability
Description: Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
Family: windows Class: vulnerability
Reference(s): CVE-2007-0948
 Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
 Product(s): Microsoft Virtual Server 2005
Microsoft Virtual PC 2004
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 2

Open Source Vulnerability Database (OSVDB)

Id Description
36389 Microsoft Virtual PC Guest Administrator Unspecified Local Privilege Escalation

Information Assurance Vulnerability Management (IAVM)

Date Description
2007-08-16 IAVM : 2007-T-0031 - Microsoft Virtual PC and Virtual Server Elevation of Privilege Vulnerability
Severity : Category II - VMSKEY : V0014835

Nessus® Vulnerability Scanner

Date Description
2007-08-16 Name : A user can elevate his privileges on the virtual system.
File : smb_nt_ms07-049.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-02-17 11:45:45
  • Multiple Updates
2013-11-11 12:41:06
  • Multiple Updates
2013-05-11 12:22:03
  • Multiple Updates