Vulnerability-Lookup

CNVD-2015-01385

Vulnerability from cnvd - Published: 2015-03-03

Title

Microsoft Virtual PC Hypervisor Virtual Machine Monitor安全绕过漏洞

Description

Windows Virtual PC是最新的Microsoft 虚拟化技术。 Microsoft Virtual PC Hypervisor Virtual Machine Monitor存在安全绕过漏洞，攻击者可以利用这个漏洞绕过内存保护机制，获取敏感信息。

Severity

高

Patch Name

Microsoft Virtual PC Hypervisor Virtual Machine Monitor安全绕过漏洞的补丁

Patch Description

Windows Virtual PC是最新的 Microsoft 虚拟化技术。 Microsoft Virtual PC Hypervisor Virtual Machine Monitor存在安全绕过漏洞，攻击者可以利用这个漏洞绕过内存保护机制，获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.coresecurity.com/grid/advisorieshttp://www.microsoft.com/ko-kr/default.aspx

Reference

http://www.securityfocus.com/bid/38764

Impacted products

Name
['Microsoft Virtual PC 2007', 'Microsoft Virtual PC 2007 sp1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "38764"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2010-1225"
    }
  },
  "description": "Windows Virtual PC\u662f\u6700\u65b0\u7684Microsoft \u865a\u62df\u5316\u6280\u672f\u3002\r\nMicrosoft Virtual PC Hypervisor Virtual Machine Monitor\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u7ed5\u8fc7\u5185\u5b58\u4fdd\u62a4\u673a\u5236\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Nicolas Economou from Core Security Technologies",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.coresecurity.com/grid/advisorieshttp://www.microsoft.com/ko-kr/default.aspx",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01385",
  "openTime": "2015-03-03",
  "patchDescription": "Windows Virtual PC\u662f\u6700\u65b0\u7684 Microsoft \u865a\u62df\u5316\u6280\u672f\u3002\r\nMicrosoft Virtual PC Hypervisor Virtual Machine Monitor\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u7ed5\u8fc7\u5185\u5b58\u4fdd\u62a4\u673a\u5236\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Virtual PC Hypervisor Virtual Machine Monitor\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Virtual PC 2007",
      "Microsoft Virtual PC 2007 sp1"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/38764",
  "serverity": "\u9ad8",
  "submitTime": "2015-02-27",
  "title": "Microsoft Virtual PC Hypervisor Virtual Machine Monitor\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2010-1225 (GCVE-0-2010-1225)

Vulnerability from cvelistv5 – Published: 2010-04-01 22:00 – Updated: 2024-08-07 01:14

Summary

The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/510154/100…	mailing-listx_refsource_BUGTRAQ
	http://www.coresecurity.com/content/virtual-pc-20…	x_refsource_MISC
	http://securitytracker.com/id?1023720	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/38764	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:14:06.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20100316 CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
          },
          {
            "name": "1023720",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023720"
          },
          {
            "name": "38764",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38764"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application.  NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because \"the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20100316 CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
        },
        {
          "name": "1023720",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023720"
        },
        {
          "name": "38764",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38764"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1225",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application.  NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because \"the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20100316 CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
            },
            {
              "name": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug"
            },
            {
              "name": "1023720",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023720"
            },
            {
              "name": "38764",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38764"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1225",
    "datePublished": "2010-04-01T22:00:00",
    "dateReserved": "2010-04-01T00:00:00",
    "dateUpdated": "2024-08-07T01:14:06.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-01385

CVE-2010-1225 (GCVE-0-2010-1225)

Tags

Sightings

Nomenclature