Secunia Security Advisory - A vulnerability has been reported in Microsoft Virtual PC and Virtual Server, which can be exploited by malicious, local users to gain escalated privileges.
TITLE:
Microsoft Virtual PC / Virtual Server Privilege Escalation
Vulnerability
SECUNIA ADVISORY ID:
SA26444
VERIFY ADVISORY:
http://secunia.com/advisories/26444/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
Microsoft Virtual PC 2004
http://secunia.com/product/5079/
Microsoft Virtual PC for Mac 6.x
http://secunia.com/product/2997/
Microsoft Virtual PC for Mac 7.x
http://secunia.com/product/15304/
Microsoft Virtual Server 2005
http://secunia.com/product/4643/
DESCRIPTION:
A vulnerability has been reported in Microsoft Virtual PC and Virtual
Server, which can be exploited by malicious, local users to gain
escalated privileges.
The vulnerability is caused by an error within certain components
that communicate with the host OS and can be exploited to cause a
heap-based buffer overflow.
Successful exploitation allows an administrative user on a guest OS
to, e.g., execute arbitrary code on the host OS or on other guest OSes.
SOLUTION:
Apply patches.
Microsoft Virtual PC 2004:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E2C72AAB-00DE-47C9-8ECB-09261C4B7DEB
Microsoft Virtual PC 2004 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2BDA2B8B-9C1C-4BF8-9A65-491092276E7A
Microsoft Virtual Server 2005 Standard Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F9EC76CD-0607-4394-BC49-35E95D02DA51
Microsoft Virtual Server 2005 Enterprise Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A35E556C-2F7B-4B72-9662-AE7286573C3F
Microsoft Virtual Server 2005 R2 Standard Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D44B8669-A4FB-4CBA-B130-E1BC08B10C6F
Microsoft Virtual Server 2005 R2 Enterprise Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=84CA3BA9-6575-4C5B-8F8E-4E4A635A4705
Microsoft Virtual PC for Mac Version 6.1/7.0:
http://www.microsoft.com/mac/downloads.aspx#VPC
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Rafal Wojtczuk, McAfee Avert Labs.
ORIGINAL ADVISORY:
MS07-049 (KB937986):
http://www.microsoft.com/technet/security/Bulletin/MS07-049.mspx