CVE-2009-1542

Currently unrated

Key Information:

Vendor: Microsoft
Status: Virtual Pc; Virtual Server
Vendor: CVE Published:; 15 July 2009

Summary

The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."

References

http://www.vupen.com/english/advisories/2009/1890

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/35808

third-party-advisoryx_refsource_SECUNIA

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 15, 2009
Vulnerability Reserved
May 5, 2009

Collectors

NVD DatabaseMitre Database