Denial of Service Vulnerability in Parallels Virtualization Software
CVE-2007-2455

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Desktop
Vendor: CVE Published:; 2 May 2007

What is CVE-2007-2455?

Parallels Virtualization Software is susceptible to a denial of service vulnerability that allows local users to trigger virtual machine abort conditions. This can be achieved through several methods, including the execution of specific INT instructions (such as INT 0xAA), using an IRET instruction with an invalid address on the stack, or a malformed MOVNTI instruction. Additionally, a write operation to specific segment registers, namely SEGR6 and SEGR7, may also result in a denial of service.

References

http://osvdb.org/41166

vdb-entryx_refsource_OSVDB

http://taviso.decsystem.org/virtsec.pdf

x_refsource_MISC

http://osvdb.org/41164

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
May 2, 2007
Vulnerability Reserved
May 2, 2007