MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.

Synopsis :

A user can elevate his privileges on the virtual system.

Description :

The remote host is running a version of Virtual PC or Virtual Server
that is vulerable to a heap overflow that could allow arbitrary code
to be run.

An attacker may use this to execute arbitrary code on the host
operating system or others guests.

To succeed, the attacker needs administrative privileges on the guest
operating system.

See also :

Solution :

Microsoft has released a set of patches for Virtual PC 2004 and Virtual
Server 2005.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 25902 ()

Bugtraq ID: 25298

CVE ID: CVE-2007-0948

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial