NASLDB: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
General
ID: 25902
Name: MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
Summary: Determines the version of Virtual PC/Server
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: 139
Family: Windows : Microsoft Bulletins
Type: Local
Description
The remote host is running a version of Virtual PC or Virtual Server
that is vulerable to a heap overflow that could allow arbitrary code
to be run.
An attacker may use this to execute arbitrary code on the host
operating system or others guests.
To succeed, the attacker needs administrative privileges on the guest
operating system.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2007-0948
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2007/08/14
Patch Release: 2007/08/14
Plugin Release: 2007/08/16
Plugin
Version: 1.20
Filename: smb_nt_ms07-049.nasl
Filesize: 4046 bytes
MD5 Hash: e74e090ba527f298d917395355a80b26
Identification: Host/patch_management_checks
Require Keys: SMB/MS_Bulletin_Checks/Possible
Dependencies: "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"
Copyright: This script is Copyright© 2007-2012 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack