cvelistv5 - cve-2009-1542

CVE-2009-1542 (GCVE-0-2009-1542)

Vulnerability from cvelistv5

Published

2009-07-15 15:00

Modified

2024-08-07 05:20

Severity ?

CWE

Summary

The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."

References

URL

Tags

secure@microsoft.com	http://secunia.com/advisories/35808
secure@microsoft.com	http://www.securitytracker.com/id?1022544
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/1890
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35808
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022544
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1890
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:20:33.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-1890",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1890"
          },
          {
            "name": "35808",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35808"
          },
          {
            "name": "MS09-033",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
          },
          {
            "name": "1022544",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022544"
          },
          {
            "name": "TA09-195A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6166",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ADV-2009-1890",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1890"
        },
        {
          "name": "35808",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35808"
        },
        {
          "name": "MS09-033",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
        },
        {
          "name": "1022544",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022544"
        },
        {
          "name": "TA09-195A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6166",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-1542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-1890",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1890"
            },
            {
              "name": "35808",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35808"
            },
            {
              "name": "MS09-033",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
            },
            {
              "name": "1022544",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022544"
            },
            {
              "name": "TA09-195A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6166",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-1542",
    "datePublished": "2009-07-15T15:00:00",
    "dateReserved": "2009-05-05T00:00:00",
    "dateUpdated": "2024-08-07T05:20:33.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1542\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-07-15T15:30:01.420\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \\\"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"El Virtual Machine Monitor (VMM)  en Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, no impone los requisitos de la CPU (privilege-level) para todas las instrucciones de la maquina, lo que permite a usuarios del sistema invitado (guest) ejecutar c\u00f3digo de su elecci\u00f3n en modo kernel (kernel -mode) y obtener privilegios dentro del sistema invitado a trav\u00e9s de aplicaciones manipuladas. Tambi\u00e9n conocido como \\\"Vulnerabilidad de decodificaci\u00f3n de instrucciones privilegiadas en Virtual PC y Virtual Server\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:virtual_pc:2004:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B85AEB7-0AB3-4AFA-B589-74DF583225C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:virtual_pc:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E550D9F-C197-4EA1-A018-73C0E8B03E6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:virtual_pc:2007:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"F61DD9A1-A925-4FA3-BD6A-708F039F7F9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:virtual_pc:2007:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"98616FA1-76B2-40C1-806E-71A4D76CB5D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5705C94-8B44-48D7-873B-1909FE2D020E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:x64:*:*:*:*:*\",\"matchCriteriaId\":\"35C436EF-6A98-47F7-BA5E-2E4B8497045F\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/35808\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1022544\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-195A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1890\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/35808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1022544\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-195A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1890\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-7v53-rx9j-jjwf

Vulnerability from github

Published

2022-05-02 03:26

Modified

2022-05-02 03:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1542"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-07-15T15:30:00Z",
    "severity": "HIGH"
  },
  "details": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\"",
  "id": "GHSA-7v53-rx9j-jjwf",
  "modified": "2022-05-02T03:26:09Z",
  "published": "2022-05-02T03:26:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1542"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35808"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022544"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1890"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2009-1542

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-1542

Aliases

CVE-2009-1542

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1542",
    "description": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\"",
    "id": "GSD-2009-1542"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1542"
      ],
      "details": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\"",
      "id": "GSD-2009-1542",
      "modified": "2023-12-13T01:19:48.327864Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-1542",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2009-1890",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1890"
          },
          {
            "name": "35808",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35808"
          },
          {
            "name": "MS09-033",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
          },
          {
            "name": "1022544",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1022544"
          },
          {
            "name": "TA09-195A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6166",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:virtual_pc:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:virtual_pc:2004:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:virtual_pc:2007:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:virtual_pc:2007:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-1542"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35808",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35808"
            },
            {
              "name": "ADV-2009-1890",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1890"
            },
            {
              "name": "1022544",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022544"
            },
            {
              "name": "TA09-195A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6166",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
            },
            {
              "name": "MS09-033",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-12T21:51Z",
      "publishedDate": "2009-07-15T15:30Z"
    }
  }
}

fkie_cve-2009-1542

Vulnerability from fkie_nvd

Published

2009-07-15 15:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/35808
secure@microsoft.com	http://www.securitytracker.com/id?1022544
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/1890
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35808
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022544
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-195A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1890
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166

Impacted products

Vendor	Product	Version
microsoft	virtual_pc	2004
microsoft	virtual_pc	2007
microsoft	virtual_pc	2007
microsoft	virtual_pc	2007
microsoft	virtual_server	2005
microsoft	virtual_server	2005

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:virtual_pc:2004:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4B85AEB7-0AB3-4AFA-B589-74DF583225C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:virtual_pc:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E550D9F-C197-4EA1-A018-73C0E8B03E6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:virtual_pc:2007:*:x64:*:*:*:*:*",
              "matchCriteriaId": "F61DD9A1-A925-4FA3-BD6A-708F039F7F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:virtual_pc:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "98616FA1-76B2-40C1-806E-71A4D76CB5D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5705C94-8B44-48D7-873B-1909FE2D020E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "35C436EF-6A98-47F7-BA5E-2E4B8497045F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "El Virtual Machine Monitor (VMM)  en Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, no impone los requisitos de la CPU (privilege-level) para todas las instrucciones de la maquina, lo que permite a usuarios del sistema invitado (guest) ejecutar c\u00f3digo de su elecci\u00f3n en modo kernel (kernel -mode) y obtener privilegios dentro del sistema invitado a trav\u00e9s de aplicaciones manipuladas. Tambi\u00e9n conocido como \"Vulnerabilidad de decodificaci\u00f3n de instrucciones privilegiadas en Virtual PC y Virtual Server\"."
    }
  ],
  "id": "CVE-2009-1542",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-07-15T15:30:01.420",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/35808"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022544"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1890"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2009-AVI-277

Vulnerability from certfr_avis

Une vulnérabilité dans Microsoft Virtual PC et Microsoft Virtual Server permet à une personne malintentionnée d'élever ses privilèges.

Description

Une vulnérabilité a été corrigée dans Microsoft Virtual PC et Microsoft Virtual Server. Celle-ci permet à une personne malintentionnée d'élever ses privilèges sous le système d'exploitation invité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Virtual PC 2007 Édition x64 Service Pack 1 ;
Microsoft	N/A	Microsoft Virtual PC 2007 Server Pack 1 ;
Microsoft	N/A	Microsoft Virtual PC 2004 Service Pack 1 ;
Microsoft	N/A	Microsoft Virtual Server 2005 R2 Édition x64 Service Pack 1.
Microsoft	N/A	Microsoft Virtual PC 2007 Édition x64 ;
Microsoft	N/A	Microsoft Virtual PC 2007 ;
Microsoft	N/A	Microsoft Virtual Server 2005 R2 Service Pack 1 ;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-1542 (GCVE-0-2009-1542)

Vulnerability from cvelistv5

ghsa-7v53-rx9j-jjwf

Vulnerability from github

gsd-2009-1542

Vulnerability from gsd

fkie_cve-2009-1542

Vulnerability from fkie_nvd

CERTA-2009-AVI-277

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature