CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
5.1%
Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.
Vendor | Product | Version | CPE |
---|---|---|---|
apple | mac_os_x | 10.4.9 | cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:* |
parallels | parallels_desktop | * | cpe:2.3:a:parallels:parallels_desktop:*:*:*:*:*:*:*:* |