Security Intelligence Operations
Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
Vulnerability Alert

| Threat Type: | Unauthorized Access: Privilege Escalation |
| IntelliShield ID: | 13949 |
| Version: | 2 |
| First Published: | August 14, 2007 03:56 PM EDT |
| Last Published: | November 13, 2007 04:48 PM EST |
| Vector: | Local |
| Authentication: | Single |
| Exploit: | Unproven |
| Port: | Not Available |
| CVE: | CVE-2007-0948 |
| Urgency: | Weakness |
| Credibility: | Confirmed |
| Severity: | Moderate Damage |
| CVSS Base: | 6.8 (CVSS Version 2) |
| CVSS Temporal: | 5.0 |
| Version Summary: | Microsoft has re-released a security bulletin with updated software to address the privilege escalation vulnerability in Microsoft Virtual PC and Virtual Server. The updated software addresses an installation issue that was present in the original patches. |

Description

Microsoft Virtual PC and Virtual Server contain a vulnerability that could allow a local attacker to gain escalated privileges.
The vulnerability exists due to improper restrictions on some components within Virtual PC and Virtual Server. A local attacker with elevated access to the guest operating system could exploit this vulnerability by passing malicious input to affected components, corrupting memory within the host operating system. An attacker could take advantage of this memory corruption to execute arbitrary code with elevated privileges.
Microsoft has confirmed this vulnerability in a security bulletin and released software updates.

Warning Indicators

Systems running the following software are vulnerable:
- Microsoft Virtual PC 2004
- Microsoft Virtual Server 2005
- Microsoft Virtual Server 2005 R2
- Microsoft Virtual PC for Mac Version 6.1
- Microsoft Virtual PC for Mac Version 7

IntelliShield Analysis

To exploit this vulnerability, an attacker must have administrative access to a virtual operating system that is hosted on an affected system. Such access may require that the attacker access a system locally, or via network access in some configurations. An exploit could allow the attacker to execute arbitrary code with elevated privileges, allowing the attacker to take complete control over the host or another guest operating system.
The update available from Microsoft corrects this vulnerability by adding controls to restrict access to affected components.

Vendor Announcements

Microsoft has re-released a security bulletin at the following link: MS07-049

Impact

A local attacker with elevated access to a guest operating system could exploit this vulnerability to execute arbitrary code. An exploit may result in a complete system compromise.

Technical Information

An attacker with local, elevated access to a virtual operating system that is hosted on an affected system could exploit this vulnerability. No further authentication is required.
This vulnerability exists due to improper restrictions on some components within Virtual PC and Virtual Server. Because of the missing controls, an attacker could manipulate parts of the affected application that allow for interaction between virtual and host operating systems. An attacker could leverage this vulnerability to trigger a heap-based buffer overflow within the host operating system, corrupting system memory. This memory corruption could allow the attacker to execute arbitrary code with elevated privileges.

Safeguards

Administrators are advised to apply the appropriate update.
Administrators are advised to grant system access only to trusted users.
Administrators are advised to monitor critical systems for signs of suspicious activity.

Patches/Software

Microsoft has released updated software at the following links:
- Microsoft Virtual PC for Mac Version 6.1
- Microsoft Virtual PC for Mac Version 7

Alert History

Version 1, August 14, 2007, 3:56 PM: Microsoft Virtual PC and Virtual Server contain a vulnerability that could allow a local attacker to gain escalated privileges. Updates are available.

Product Sets

The security vulnerability applies to the following combinations of products.
LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.