CVE-2007-2454 - Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to th

CVE-2007-2454

Summary

Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute arbitrary code in the host operating system via unspecified vectors related to bitblt operations.

References

http://osvdb.org/40228
http://taviso.decsystem.org/virtsec.pdf

Vulnerable Configurations

cpe:2.3:a:parallels:parallels_desktop:*:*:*:*:*:*:*:*
cpe:2.3:a:parallels:parallels_desktop:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 15-11-2008 - 06:48)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:S/C:C/I:C/A:C

refmap via4

misc	http://taviso.decsystem.org/virtsec.pdf
osvdb	40228

Last major update

15-11-2008 - 06:48

Published

02-05-2007 - 17:19

Last modified

15-11-2008 - 06:48