Content
(MS07-049) Microsoft Virtual PC and Virtual Server Heap Overflow Vulnerability (937986)
- Type
- Buffer Overflow
- Impact of exploitation
- Privilege Escalation
- User Interaction
- no user interaction is needed
- Attack Vector
- Authenticated locally logged on user with limited privileges
- Rating
- Medium
- CVE reference
- CVE-2007-0948,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows 2000 SP4,
- Windows 2003 SP0 - SP2,
- Windows XP SP0 - SP2,
- Virtual PC 2004,
- Virtual PC for Mac Version 6.1,
- Virtual PC for Mac Version 7,
- Virtual Server 2005,
- Virtual Server 2005 R2,
- Summary
- A vulnerability in Microsoft Virtual PC and Server may allow for local privilege escalation attacks.
Tab Navigation
Description
Microsoft Virtual PC and Server are operating-system virtualization software developed by Microsoft. A heap-overflow vulnerability in Microsoft Virtual PC and Server may allow for local privilege escalation attacks. A attacker with administrative credentials on the client operating system could trigger a heap overflow in the interaction between Virtual PC and Server. A successful attack would allow arbitrary code execution on other virtual guest operating system and on the host operating system.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (937986): http://www.microsoft.com/technet/security/Bulletin/MS07-049.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS07-049) Microsoft Virtual PC Heap Overflow Vulnerability (937986)
- Signature identifier:
- 5421
- Release date:
- 8/14/2007
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS07-049) Microsoft Virtual Server Heap Overflow Vulnerability (937986)
- Signature identifier:
- 5426
- Release date:
- 8/14/2007
McAfee Host IPS
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- Buffer Overflow in Microsoft Virtual PC
- Signature identifier:
- 3859
- Release date:
- 8/14/2007
- First released in:
- 1159/1595
McAfee Host IPS
Out of the box, HIPS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- Generic Buffer Overflow
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
Additional Resources
Microsoft Security Bulletin: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
http://www.microsoft.com/technet/security/Bulletin/MS07-049.mspx
All Information
Timeline -
11/13/2007
Vendor has updated its security bulletin to include information about errors in patch application and provided an updated patch
8/14/2007
Vendor has provided a patch.
Description -
Microsoft Virtual PC and Server are operating-system virtualization software developed by Microsoft. A heap-overflow vulnerability in Microsoft Virtual PC and Server may allow for local privilege escalation attacks. A attacker with administrative credentials on the client operating system could trigger a heap overflow in the interaction between Virtual PC and Server. A successful attack would allow arbitrary code execution on other virtual guest operating system and on the host operating system.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft (937986): http://www.microsoft.com/technet/security/Bulletin/MS07-049.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS07-049) Microsoft Virtual PC Heap Overflow Vulnerability (937986)
- Signature identifier:
- 5421
- Release date:
- 8/14/2007
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS07-049) Microsoft Virtual Server Heap Overflow Vulnerability (937986)
- Signature identifier:
- 5426
- Release date:
- 8/14/2007
McAfee Host IPS
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- Buffer Overflow in Microsoft Virtual PC
- Signature identifier:
- 3859
- Release date:
- 8/14/2007
- First released in:
- 1159/1595
McAfee Host IPS
Out of the box, HIPS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- Generic Buffer Overflow
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
http://www.microsoft.com/technet/security/Bulletin/MS07-049.mspx
