MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

A user can elevate his privileges on the virtual system.

Description :

The remote host is running a version of Virtual PC or Virtual Server
that is vulnerable to a heap overflow that could allow arbitrary code
to be run.

An attacker may use this to execute arbitrary code on the host
operating system or other guests.

To succeed, the attacker needs administrative privileges on the guest
operating system.

See also :

http://technet.microsoft.com/en-us/security/bulletin/MS07-049

Solution :

Microsoft has released a set of patches for Virtual PC 2004 and Virtual
Server 2005.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 25902

Bugtraq ID: 25298

CVE ID: CVE-2007-0948