File System Vulnerability in Parallels Desktop for Mac by Parallels
CVE-2007-1222

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Desktop
Vendor: CVE Published:; 2 March 2007

What is CVE-2007-1222?

Parallels Desktop for Mac versions prior to 20070216 expose a serious vulnerability through the Drag and Drop feature, by sharing the entire host filesystem as the .psf share. This flaw allows local users of the guest operating system to write arbitrary files to the host filesystem, potentially leading to unauthorized code execution. By manipulating the host filesystem and placing a plist file in a LaunchAgents directory, attackers can exploit this issue to execute arbitrary code within the host environment, highlighting significant risks associated with virtualization technology in macOS.

References

http://osvdb.org/33799

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/24171

third-party-advisoryx_refsource_SECUNIA

http://lists.immunitysec.com/pipermail/dailydave/2007-Feb...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Mar 2, 2007
Vulnerability Reserved
Mar 2, 2007