Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Virtual PC / Microsoft Virtual Server privilege escalation
Published:15.07.2009
Source:
SecurityVulns ID:10072
Type:local
Threat Level:
5/10
Description:Acceess to certain privileged instructions is not checked within virtual machine.
Affected:MICROSOFT : Virtual PC 2004
 MICROSOFT : Virtual Server 2005
 MICROSOFT : Virtual PC 2007
CVE:CVE-2009-1542 (The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.")
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS09-033 - Important Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) (15.07.2009)
Files:Microsoft Security Bulletin MS09-033 - Important Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod