| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS07-049 | Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986) | Microsoft Virtual | Critical | 16-08-2007 |
Technical Information
Brief overview of the risk:
This is an elevation of privilege vulnerability. The vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating systems. Only guest operating system users who are granted administrative permissions to the guest operating system would be able to exploit this vulnerability. Guest operating system users not granted administrative permissions to the guest operating system would be unable to exploit this vulnerability.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in Microsoft Virtual PC and Microsoft Virtual Server due to inaccurate initialization of components that communicate with the host operating system.Further information on this exploit is available at : MS07-049
Affected Software
Microsoft Virtual PC 2004Microsoft Virtual PC 2004 Service Pack 1
Microsoft Virtual PC for Mac Version 6.1
Microsoft Virtual PC for Mac Version 7
Microsoft Virtual Server 2005 Enterprise Edition
Microsoft Virtual Server 2005 R2 Enterprise Edition
Microsoft Virtual Server 2005 R2 Standard Edition
Microsoft Virtual Server 2005 Standard Edition