ID CVE-2007-0948
Summary Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:virtual_pc:6.1:*:mac:*:*:*:*:*
    cpe:2.3:a:microsoft:virtual_pc:6.1:*:mac:*:*:*:*:*
  • cpe:2.3:a:microsoft:virtual_pc:7:*:mac:*:*:*:*:*
    cpe:2.3:a:microsoft:virtual_pc:7:*:mac:*:*:*:*:*
  • cpe:2.3:a:microsoft:virtual_pc:2004:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:virtual_pc:2004:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:virtual_server:2005:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:virtual_server:2005:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:virtual_server:2005:r2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:virtual_server:2005:r2:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 21:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-06-30T04:00:36.514-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Virtual PC 2004 is installed
    oval oval:org.mitre.oval:def:1969
  • comment Microsoft Virtual PC 2004 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:2177
  • comment Microsoft Virtual Server 2005 Standard is installed
    oval oval:org.mitre.oval:def:2119
  • comment Microsoft Virtual Server 2005 Enterprise is installed
    oval oval:org.mitre.oval:def:2220
  • comment Microsoft Virtual Server 2005 R2 Standard is installed
    oval oval:org.mitre.oval:def:2201
  • comment Microsoft Virtual Server 2005 R2 Enterprise is installed
    oval oval:org.mitre.oval:def:2231
description Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
family windows
id oval:org.mitre.oval:def:1259
status accepted
submitted 2007-08-16T14:50:00
title Virtual PC and Virtual Server Heap Overflow Vulnerability
version 10
refmap via4
bid 25298
cert TA07-226A
sectrack 1018567
secunia 26444
vupen ADV-2007-2873
Last major update 12-10-2018 - 21:43
Published 14-08-2007 - 22:17
Last modified 12-10-2018 - 21:43
Back to Top