Heap-Based Buffer Overflow in Parallels VGA Device
CVE-2007-2454

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Desktop
Vendor: CVE Published:; 2 May 2007

What is CVE-2007-2454?

A heap-based buffer overflow vulnerability exists in the VGA device of Parallels, allowing local users with root access to the guest operating system to terminate the virtual machine. This flaw can potentially be exploited to execute arbitrary code on the host operating system through various unspecified vectors, particularly during bitblt operations. It is crucial for users to apply necessary security measures to safeguard their systems.

References

http://taviso.decsystem.org/virtsec.pdf

x_refsource_MISC

http://osvdb.org/40228

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
May 2, 2007
Vulnerability Reserved
May 2, 2007