| ID |
CVE-2007-0948
|
| Summary |
Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components." |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:microsoft:virtual_pc:6.1:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_pc:6.1:*:mac:*:*:*:*:*
-
cpe:2.3:a:microsoft:virtual_pc:7:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_pc:7:*:mac:*:*:*:*:*
-
cpe:2.3:a:microsoft:virtual_pc:2004:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_pc:2004:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:virtual_server:2005:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_server:2005:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:virtual_server:2005:r2:*:*:*:*:*:*
cpe:2.3:a:microsoft:virtual_server:2005:r2:*:*:*:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 12-10-2018 - 21:43) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2014-06-30T04:00:36.514-04:00 | | class | vulnerability | | contributors | | name | Sudhir Gandhe | | organization | Secure Elements, Inc. |
| name | Jonathan Baker | | organization | The MITRE Corporation |
| name | Josh Turpin | | organization | Symantec Corporation |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| | definition_extensions | | comment | Microsoft Virtual PC 2004 is installed | | oval | oval:org.mitre.oval:def:1969 |
| comment | Microsoft Virtual PC 2004 Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:2177 |
| comment | Microsoft Virtual Server 2005 Standard is installed | | oval | oval:org.mitre.oval:def:2119 |
| comment | Microsoft Virtual Server 2005 Enterprise is installed | | oval | oval:org.mitre.oval:def:2220 |
| comment | Microsoft Virtual Server 2005 R2 Standard is installed | | oval | oval:org.mitre.oval:def:2201 |
| comment | Microsoft Virtual Server 2005 R2 Enterprise is installed | | oval | oval:org.mitre.oval:def:2231 |
| | description | Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components." | | family | windows | | id | oval:org.mitre.oval:def:1259 | | status | accepted | | submitted | 2007-08-16T14:50:00 | | title | Virtual PC and Virtual Server Heap Overflow Vulnerability | | version | 10 |
|
| refmap
via4
|
| bid | 25298 | | cert | TA07-226A | | sectrack | 1018567 | | secunia | 26444 | | vupen | ADV-2007-2873 |
|
| Last major update |
12-10-2018 - 21:43 |
| Published |
14-08-2007 - 22:17 |
| Last modified |
12-10-2018 - 21:43 |
