Search criteria
12 vulnerabilities found for virtual_pc by microsoft
FKIE_CVE-2010-1225
Vulnerability from fkie_nvd - Published: 2010-04-01 22:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | virtual_pc | 2007 | |
| microsoft | virtual_pc | 2007 | |
| microsoft | virtual_server | 2005 | |
| microsoft | virtual_server | 2005 | |
| microsoft | windows_virtual_pc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "0E550D9F-C197-4EA1-A018-73C0E8B03E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "98616FA1-76B2-40C1-806E-71A4D76CB5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_server:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "3900BDEA-91E7-4534-8262-4A782BA9C19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5705C94-8B44-48D7-873B-1909FE2D020E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:windows_virtual_pc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45C4ADB8-E0D3-465D-9BBF-89F90453EC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because \"the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS.\""
},
{
"lang": "es",
"value": "La aplicaci\u00f3n de administraci\u00f3n de memoria en Virtual Machine Monitor (alias VMM o hipervisor) en Microsoft Virtual PC 2007 Gold y SP1 y Virtual Server 2005 Gold y R2 SP1 y Windows Virtual PC no restringe adecuadamente el acceso desde el sistema operativo huesped a lugares de memoria en el \u00e1rea de trabajo VMM, lo que permite a atacantes dependientes del contexto pasar por alto ciertos mecanismos de protecci\u00f3n contra la explotaci\u00f3n en el sistema operativo hu\u00e9sped mediante una entrada manipulada para una aplicaci\u00f3n vulnerable. NOTA: el fabricante considera que s\u00f3lo los sistemas con una aplicaci\u00f3n ya vulnerable se ven afectados, ya que \"las \u00e1reas de memoria accesibles desde el hu\u00e9sped no se pueden aprovechar para lograr bien la ejecuci\u00f3n remota de c\u00f3digo o bien la elevaci\u00f3n de privilegios y ... no hay datos del equipo anfitri\u00f3n expuestos al SO hu\u00e9sped. \""
}
],
"id": "CVE-2010-1225",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-01T22:30:00.327",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023720"
},
{
"source": "cve@mitre.org",
"url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38764"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1542
Vulnerability from fkie_nvd - Published: 2009-07-15 15:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | virtual_pc | 2004 | |
| microsoft | virtual_pc | 2007 | |
| microsoft | virtual_pc | 2007 | |
| microsoft | virtual_pc | 2007 | |
| microsoft | virtual_server | 2005 | |
| microsoft | virtual_server | 2005 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:2004:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4B85AEB7-0AB3-4AFA-B589-74DF583225C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "0E550D9F-C197-4EA1-A018-73C0E8B03E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:2007:*:x64:*:*:*:*:*",
"matchCriteriaId": "F61DD9A1-A925-4FA3-BD6A-708F039F7F9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:2007:sp1:*:*:*:*:*:*",
"matchCriteriaId": "98616FA1-76B2-40C1-806E-71A4D76CB5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:*:*:*:*:*:*",
"matchCriteriaId": "C5705C94-8B44-48D7-873B-1909FE2D020E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:x64:*:*:*:*:*",
"matchCriteriaId": "35C436EF-6A98-47F7-BA5E-2E4B8497045F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\""
},
{
"lang": "es",
"value": "El Virtual Machine Monitor (VMM) en Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, no impone los requisitos de la CPU (privilege-level) para todas las instrucciones de la maquina, lo que permite a usuarios del sistema invitado (guest) ejecutar c\u00f3digo de su elecci\u00f3n en modo kernel (kernel -mode) y obtener privilegios dentro del sistema invitado a trav\u00e9s de aplicaciones manipuladas. Tambi\u00e9n conocido como \"Vulnerabilidad de decodificaci\u00f3n de instrucciones privilegiadas en Virtual PC y Virtual Server\"."
}
],
"id": "CVE-2009-1542",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-15T15:30:01.420",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://secunia.com/advisories/35808"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1022544"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2009/1890"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-0948
Vulnerability from fkie_nvd - Published: 2007-08-14 22:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | virtual_pc | 6.1 | |
| microsoft | virtual_pc | 7 | |
| microsoft | virtual_pc | 2004 | |
| microsoft | virtual_server | 2005 | |
| microsoft | virtual_server | 2005 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:6.1:*:mac:*:*:*:*:*",
"matchCriteriaId": "CA6E4485-33D3-45FB-B8AA-7A7719FC3C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:7:*:mac:*:*:*:*:*",
"matchCriteriaId": "19434341-D081-4E86-964E-BBAD8E6EA43C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "1045B8CB-447F-4DFB-BC85-3B671F3E5E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_server:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "3900BDEA-91E7-4534-8262-4A782BA9C19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_server:2005:r2:*:*:*:*:*:*",
"matchCriteriaId": "DF200B09-73C2-4CA3-81B3-68BBE4D8AA3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to \"interaction and initialization of components.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en Microsoft Virtual PC 2004 y PC para Mac 7.1 y 7, y Virtual Server 2005 y 2005 R2, permite a administradores del sistema operativo invitado local ejecutar c\u00f3digo de su elecci\u00f3n en el SO anfitri\u00f3n a trav\u00e9s de vectores no especificados relacionados con \"interacci\u00f3n e inicializaci\u00f3n de componentes\"."
}
],
"id": "CVE-2007-0948",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-08-14T22:17:00.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26444"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25298"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securitytracker.com/id?1018567"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"source": "secure@microsoft.com",
"url": "http://www.vupen.com/english/advisories/2007/2873"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-049"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1259"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0115
Vulnerability from fkie_nvd - Published: 2004-03-03 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | virtual_pc | 6.0 | |
| microsoft | virtual_pc | 6.1 | |
| microsoft | virtual_pc | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:6.0:*:mac:*:*:*:*:*",
"matchCriteriaId": "3E796D72-A19C-4A97-AF39-5CA140FDE566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:6.1:*:mac:*:*:*:*:*",
"matchCriteriaId": "CA6E4485-33D3-45FB-B8AA-7A7719FC3C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:6.2:*:mac:*:*:*:*:*",
"matchCriteriaId": "9E42A77B-7792-4D25-8CD4-40F4C59A73A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file."
},
{
"lang": "es",
"value": "Microsoft Virtual PC para Mac, versi\u00f3nes 6.0 a 6.1 permite a atacantes locales ejecutar c\u00f3digo arbitrario con privilegios de sistema insertando c\u00f3digo malicioso en un fichero temporal."
}
],
"id": "CVE-2004-0115",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-03-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.atstake.com/research/advisories/2004/a021004-1.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/o-076.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3893"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9632"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-005"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.atstake.com/research/advisories/2004/a021004-1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/o-076.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15113"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-1225 (GCVE-0-2010-1225)
Vulnerability from cvelistv5 – Published: 2010-04-01 22:00 – Updated: 2024-08-07 01:14
VLAI?
Summary
The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100316 CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
},
{
"name": "1023720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023720"
},
{
"name": "38764",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because \"the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100316 CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
},
{
"name": "1023720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023720"
},
{
"name": "38764",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because \"the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100316 CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"name": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
},
{
"name": "1023720",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023720"
},
{
"name": "38764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1225",
"datePublished": "2010-04-01T22:00:00",
"dateReserved": "2010-04-01T00:00:00",
"dateUpdated": "2024-08-07T01:14:06.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1542 (GCVE-0-2009-1542)
Vulnerability from cvelistv5 – Published: 2009-07-15 15:00 – Updated: 2024-08-07 05:20
VLAI?
Summary
The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:33.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1890",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1890"
},
{
"name": "35808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35808"
},
{
"name": "MS09-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
},
{
"name": "1022544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022544"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"name": "oval:org.mitre.oval:def:6166",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2009-1890",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1890"
},
{
"name": "35808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35808"
},
{
"name": "MS09-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
},
{
"name": "1022544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022544"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"name": "oval:org.mitre.oval:def:6166",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1890",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1890"
},
{
"name": "35808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35808"
},
{
"name": "MS09-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
},
{
"name": "1022544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022544"
},
{
"name": "TA09-195A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"name": "oval:org.mitre.oval:def:6166",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-1542",
"datePublished": "2009-07-15T15:00:00",
"dateReserved": "2009-05-05T00:00:00",
"dateUpdated": "2024-08-07T05:20:33.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0948 (GCVE-0-2007-0948)
Vulnerability from cvelistv5 – Published: 2007-08-14 22:00 – Updated: 2024-08-07 12:34
VLAI?
Summary
Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:1259",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1259"
},
{
"name": "TA07-226A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"name": "1018567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018567"
},
{
"name": "ADV-2007-2873",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2873"
},
{
"name": "25298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25298"
},
{
"name": "MS07-049",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-049"
},
{
"name": "26444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to \"interaction and initialization of components.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:1259",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1259"
},
{
"name": "TA07-226A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"name": "1018567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018567"
},
{
"name": "ADV-2007-2873",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2873"
},
{
"name": "25298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25298"
},
{
"name": "MS07-049",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-049"
},
{
"name": "26444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to \"interaction and initialization of components.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:1259",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1259"
},
{
"name": "TA07-226A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"name": "1018567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018567"
},
{
"name": "ADV-2007-2873",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2873"
},
{
"name": "25298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25298"
},
{
"name": "MS07-049",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-049"
},
{
"name": "26444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0948",
"datePublished": "2007-08-14T22:00:00",
"dateReserved": "2007-02-14T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0115 (GCVE-0-2004-0115)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3893",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3893"
},
{
"name": "9632",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9632"
},
{
"name": "virtual-pc-gain-privileges(15113)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15113"
},
{
"name": "O-076",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-076.shtml"
},
{
"name": "A021004-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://www.atstake.com/research/advisories/2004/a021004-1.txt"
},
{
"name": "MS04-005",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3893",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3893"
},
{
"name": "9632",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9632"
},
{
"name": "virtual-pc-gain-privileges(15113)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15113"
},
{
"name": "O-076",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-076.shtml"
},
{
"name": "A021004-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://www.atstake.com/research/advisories/2004/a021004-1.txt"
},
{
"name": "MS04-005",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3893",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3893"
},
{
"name": "9632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9632"
},
{
"name": "virtual-pc-gain-privileges(15113)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15113"
},
{
"name": "O-076",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-076.shtml"
},
{
"name": "A021004-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2004/a021004-1.txt"
},
{
"name": "MS04-005",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0115",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-02-03T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1225 (GCVE-0-2010-1225)
Vulnerability from nvd – Published: 2010-04-01 22:00 – Updated: 2024-08-07 01:14
VLAI?
Summary
The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100316 CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
},
{
"name": "1023720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023720"
},
{
"name": "38764",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because \"the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100316 CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
},
{
"name": "1023720",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023720"
},
{
"name": "38764",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because \"the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100316 CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"name": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
},
{
"name": "1023720",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023720"
},
{
"name": "38764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1225",
"datePublished": "2010-04-01T22:00:00",
"dateReserved": "2010-04-01T00:00:00",
"dateUpdated": "2024-08-07T01:14:06.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1542 (GCVE-0-2009-1542)
Vulnerability from nvd – Published: 2009-07-15 15:00 – Updated: 2024-08-07 05:20
VLAI?
Summary
The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:33.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1890",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1890"
},
{
"name": "35808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35808"
},
{
"name": "MS09-033",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
},
{
"name": "1022544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022544"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"name": "oval:org.mitre.oval:def:6166",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "ADV-2009-1890",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1890"
},
{
"name": "35808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35808"
},
{
"name": "MS09-033",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
},
{
"name": "1022544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022544"
},
{
"name": "TA09-195A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"name": "oval:org.mitre.oval:def:6166",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1890",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1890"
},
{
"name": "35808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35808"
},
{
"name": "MS09-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
},
{
"name": "1022544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022544"
},
{
"name": "TA09-195A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"name": "oval:org.mitre.oval:def:6166",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-1542",
"datePublished": "2009-07-15T15:00:00",
"dateReserved": "2009-05-05T00:00:00",
"dateUpdated": "2024-08-07T05:20:33.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0948 (GCVE-0-2007-0948)
Vulnerability from nvd – Published: 2007-08-14 22:00 – Updated: 2024-08-07 12:34
VLAI?
Summary
Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:1259",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1259"
},
{
"name": "TA07-226A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"name": "1018567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018567"
},
{
"name": "ADV-2007-2873",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2873"
},
{
"name": "25298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25298"
},
{
"name": "MS07-049",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-049"
},
{
"name": "26444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to \"interaction and initialization of components.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:1259",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1259"
},
{
"name": "TA07-226A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"name": "1018567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018567"
},
{
"name": "ADV-2007-2873",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2873"
},
{
"name": "25298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25298"
},
{
"name": "MS07-049",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-049"
},
{
"name": "26444",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-0948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to \"interaction and initialization of components.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:1259",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1259"
},
{
"name": "TA07-226A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"name": "1018567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018567"
},
{
"name": "ADV-2007-2873",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2873"
},
{
"name": "25298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25298"
},
{
"name": "MS07-049",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-049"
},
{
"name": "26444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2007-0948",
"datePublished": "2007-08-14T22:00:00",
"dateReserved": "2007-02-14T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0115 (GCVE-0-2004-0115)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3893",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3893"
},
{
"name": "9632",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9632"
},
{
"name": "virtual-pc-gain-privileges(15113)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15113"
},
{
"name": "O-076",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-076.shtml"
},
{
"name": "A021004-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://www.atstake.com/research/advisories/2004/a021004-1.txt"
},
{
"name": "MS04-005",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3893",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3893"
},
{
"name": "9632",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9632"
},
{
"name": "virtual-pc-gain-privileges(15113)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15113"
},
{
"name": "O-076",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-076.shtml"
},
{
"name": "A021004-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://www.atstake.com/research/advisories/2004/a021004-1.txt"
},
{
"name": "MS04-005",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3893",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3893"
},
{
"name": "9632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9632"
},
{
"name": "virtual-pc-gain-privileges(15113)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15113"
},
{
"name": "O-076",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-076.shtml"
},
{
"name": "A021004-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2004/a021004-1.txt"
},
{
"name": "MS04-005",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0115",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-02-03T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}