CVE-2009-1542

2009-07-1515:30:01

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.014

Percentile

86.4%

JSON

The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka “Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.”

Affected configurations

Nvd

Node

microsoftvirtual_pcMatch2004sp1

microsoftvirtual_pcMatch2007

microsoftvirtual_pcMatch2007x64

microsoftvirtual_pcMatch2007sp1

microsoftvirtual_serverMatch2005r2_sp1

microsoftvirtual_serverMatch2005r2_sp1x64

VendorProductVersionCPE
microsoftvirtual_pc2004cpe:2.3:a:microsoft:virtual_pc:2004:sp1:*:*:*:*:*:*
microsoftvirtual_pc2007cpe:2.3:a:microsoft:virtual_pc:2007:*:*:*:*:*:*:*
microsoftvirtual_pc2007cpe:2.3:a:microsoft:virtual_pc:2007:*:x64:*:*:*:*:*
microsoftvirtual_pc2007cpe:2.3:a:microsoft:virtual_pc:2007:sp1:*:*:*:*:*:*
microsoftvirtual_server2005cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:*:*:*:*:*:*
microsoftvirtual_server2005cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:x64:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	virtual_pc	2004	cpe:2.3:a:microsoft:virtual_pc:2004:sp1::::::
microsoft	virtual_pc	2007	cpe:2.3:a:microsoft:virtual_pc:2007:::::::*
microsoft	virtual_pc	2007	cpe:2.3:a:microsoft:virtual_pc:2007::x64:::::
microsoft	virtual_pc	2007	cpe:2.3:a:microsoft:virtual_pc:2007:sp1::::::
microsoft	virtual_server	2005	cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1::::::
microsoft	virtual_server	2005	cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:x64:::::*