CVE-2010-1225 (GCVE-0-2010-1225)

Vulnerability from cvelistv5 – Published: 2010-04-01 22:00 – Updated: 2024-08-07 01:14
VLAI?
Summary
The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:14:06.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20100316 CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
          },
          {
            "name": "1023720",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023720"
          },
          {
            "name": "38764",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38764"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application.  NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because \"the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20100316 CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
        },
        {
          "name": "1023720",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023720"
        },
        {
          "name": "38764",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38764"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1225",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application.  NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because \"the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20100316 CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
            },
            {
              "name": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
            },
            {
              "name": "1023720",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023720"
            },
            {
              "name": "38764",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38764"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1225",
    "datePublished": "2010-04-01T22:00:00",
    "dateReserved": "2010-04-01T00:00:00",
    "dateUpdated": "2024-08-07T01:14:06.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:virtual_pc:2007:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E550D9F-C197-4EA1-A018-73C0E8B03E6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:virtual_pc:2007:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"98616FA1-76B2-40C1-806E-71A4D76CB5D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:virtual_server:2005:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3900BDEA-91E7-4534-8262-4A782BA9C19C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5705C94-8B44-48D7-873B-1909FE2D020E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:windows_virtual_pc:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45C4ADB8-E0D3-465D-9BBF-89F90453EC1F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application.  NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because \\\"the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS.\\\"\"}, {\"lang\": \"es\", \"value\": \"La aplicaci\\u00f3n de administraci\\u00f3n de memoria en Virtual Machine Monitor (alias VMM o hipervisor) en Microsoft Virtual PC 2007 Gold y SP1 y Virtual Server 2005 Gold y R2 SP1 y Windows Virtual PC no restringe adecuadamente el acceso desde el sistema operativo huesped a lugares de memoria en el \\u00e1rea de trabajo VMM, lo que permite a atacantes dependientes del contexto pasar por alto ciertos mecanismos de protecci\\u00f3n contra la explotaci\\u00f3n en el sistema operativo hu\\u00e9sped mediante una entrada manipulada para una aplicaci\\u00f3n vulnerable. NOTA: el fabricante considera que s\\u00f3lo los sistemas con una aplicaci\\u00f3n ya vulnerable se ven afectados, ya que \\\"las \\u00e1reas de memoria accesibles desde el hu\\u00e9sped no se pueden aprovechar para lograr bien la ejecuci\\u00f3n remota de c\\u00f3digo o bien la elevaci\\u00f3n de privilegios y ... no hay datos del equipo anfitri\\u00f3n expuestos al SO hu\\u00e9sped. \\\"\"}]",
      "id": "CVE-2010-1225",
      "lastModified": "2024-11-21T01:13:55.220",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-04-01T22:30:00.327",
      "references": "[{\"url\": \"http://securitytracker.com/id?1023720\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/510154/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/38764\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://securitytracker.com/id?1023720\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/510154/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/38764\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1225\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-04-01T22:30:00.327\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application.  NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because \\\"the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS.\\\"\"},{\"lang\":\"es\",\"value\":\"La aplicaci\u00f3n de administraci\u00f3n de memoria en Virtual Machine Monitor (alias VMM o hipervisor) en Microsoft Virtual PC 2007 Gold y SP1 y Virtual Server 2005 Gold y R2 SP1 y Windows Virtual PC no restringe adecuadamente el acceso desde el sistema operativo huesped a lugares de memoria en el \u00e1rea de trabajo VMM, lo que permite a atacantes dependientes del contexto pasar por alto ciertos mecanismos de protecci\u00f3n contra la explotaci\u00f3n en el sistema operativo hu\u00e9sped mediante una entrada manipulada para una aplicaci\u00f3n vulnerable. NOTA: el fabricante considera que s\u00f3lo los sistemas con una aplicaci\u00f3n ya vulnerable se ven afectados, ya que \\\"las \u00e1reas de memoria accesibles desde el hu\u00e9sped no se pueden aprovechar para lograr bien la ejecuci\u00f3n remota de c\u00f3digo o bien la elevaci\u00f3n de privilegios y ... no hay datos del equipo anfitri\u00f3n expuestos al SO hu\u00e9sped. \\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:virtual_pc:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E550D9F-C197-4EA1-A018-73C0E8B03E6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:virtual_pc:2007:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"98616FA1-76B2-40C1-806E-71A4D76CB5D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:virtual_server:2005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3900BDEA-91E7-4534-8262-4A782BA9C19C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5705C94-8B44-48D7-873B-1909FE2D020E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:windows_virtual_pc:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45C4ADB8-E0D3-465D-9BBF-89F90453EC1F\"}]}]}],\"references\":[{\"url\":\"http://securitytracker.com/id?1023720\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/510154/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/38764\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://securitytracker.com/id?1023720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/510154/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/38764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.