cvelistv5 - cve-2007-0948

CVE-2007-0948 (GCVE-0-2007-0948)

Vulnerability from cvelistv5

Published

2007-08-14 22:00

Modified

2024-08-07 12:34

Severity ?

CWE

Summary

Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."

References

URL

Tags

	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1259	vdb-entry, signature, x_refsource_OVAL
	http://www.us-cert.gov/cas/techalerts/TA07-226A.html	third-party-advisory, x_refsource_CERT
	http://www.securitytracker.com/id?1018567	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2007/2873	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/25298	vdb-entry, x_refsource_BID
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-049	vendor-advisory, x_refsource_MS
	http://secunia.com/advisories/26444	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:34:21.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:1259",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1259"
          },
          {
            "name": "TA07-226A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
          },
          {
            "name": "1018567",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018567"
          },
          {
            "name": "ADV-2007-2873",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2873"
          },
          {
            "name": "25298",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25298"
          },
          {
            "name": "MS07-049",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-049"
          },
          {
            "name": "26444",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26444"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to \"interaction and initialization of components.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:1259",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1259"
        },
        {
          "name": "TA07-226A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
        },
        {
          "name": "1018567",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018567"
        },
        {
          "name": "ADV-2007-2873",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2873"
        },
        {
          "name": "25298",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25298"
        },
        {
          "name": "MS07-049",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-049"
        },
        {
          "name": "26444",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26444"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-0948",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to \"interaction and initialization of components.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:1259",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1259"
            },
            {
              "name": "TA07-226A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
            },
            {
              "name": "1018567",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018567"
            },
            {
              "name": "ADV-2007-2873",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2873"
            },
            {
              "name": "25298",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25298"
            },
            {
              "name": "MS07-049",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-049"
            },
            {
              "name": "26444",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26444"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-0948",
    "datePublished": "2007-08-14T22:00:00.000Z",
    "dateReserved": "2007-02-14T00:00:00.000Z",
    "dateUpdated": "2024-08-07T12:34:21.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-360

Vulnerability from certfr_avis

Une vulnérabilité a été identifiée dans Microsoft Virtual PC et Microsoft Virtual Server. Cette dernière peut être exploitée par un utilisateur ayant accès à une machine virtuelle particulière pour exécuter du code sur le système d'accueil (hôte) ou sur d'autres machines virtuelles.

Description

Une vulnérabilité de type débordement de tas a été identifiée dans Microsoft Virtual PC et Microsoft Virtual Server. Cette dernière peut être exploitée par un utilisateur doté des droits administrateur sur le système d'exploitation invité afin d'exécuter du code sur le système d'exploitation hôte ou sur d'autres systèmes invité.

Solution

Se référer au bulletin de sécurité MS07-049 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

Microsoft Virtual PC 2004 ;
Microsoft Virtual PC 2004 Service Pack 1 ;
Microsoft Virtual Server 2005 Standard Edition ;
Microsoft Virtual Server 2005 Enterprise Edition ;
Microsoft Virtual Server 2005 R2 Standard Edition ;
Microsoft Virtual Server 2005 R2 Enterprise Edition ;
Microsoft Virtual PC pour Mac version 6.1 ;
Microsoft Virtual PC pour Mac version 7.

Les versions Microsoft Virtual PC 2007 et Microsoft Virtual Server 2005 R2 Service Pack 1 ne seraient pas affectées.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-049 du 14 août 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eMicrosoft Virtual PC 2004 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Virtual PC 2004 Service Pack 1 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Virtual Server 2005 Standard Edition ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Virtual Server 2005 Enterprise Edition ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Virtual Server 2005 R2 Standard Edition ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Virtual Server 2005 R2 Enterprise Edition ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Virtual PC pour Mac version 6.1 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Virtual PC pour Mac version 7.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLes versions Microsoft Virtual PC 2007 et Microsoft Virtual  Server 2005 R2 Service Pack 1 ne seraient pas affect\u00e9es.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de tas a \u00e9t\u00e9 identifi\u00e9e dans\nMicrosoft Virtual PC et Microsoft Virtual Server. Cette derni\u00e8re peut\n\u00eatre exploit\u00e9e par un utilisateur dot\u00e9 des droits administrateur sur le\nsyst\u00e8me d\u0027exploitation invit\u00e9 afin d\u0027ex\u00e9cuter du code sur le syst\u00e8me\nd\u0027exploitation h\u00f4te ou sur d\u0027autres syst\u00e8mes invit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-049 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0948"
    }
  ],
  "initial_release_date": "2007-08-14T00:00:00",
  "last_revision_date": "2007-08-14T00:00:00",
  "links": [],
  "reference": "CERTA-2007-AVI-360",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Microsoft Virtual PC et\nMicrosoft Virtual Server. Cette derni\u00e8re peut \u00eatre exploit\u00e9e par un\nutilisateur ayant acc\u00e8s \u00e0 une machine virtuelle particuli\u00e8re pour\nex\u00e9cuter du code sur le syst\u00e8me d\u0027accueil (h\u00f4te) ou sur d\u0027autres\nmachines virtuelles.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Microsoft Virtual PC et Virtual Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-049 du 14 ao\u00fbt 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-049.mspx"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-0948 (GCVE-0-2007-0948)

Vulnerability from cvelistv5

CERTA-2007-AVI-360

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature