Memory Management Vulnerability in Microsoft Virtual Machine Monitor
CVE-2010-1225

Currently unrated

Key Information:

Vendor: Microsoft
Status: Virtual Pc; Windows Virtual Pc; Virtual Server
Vendor: CVE Published:; 1 April 2010

Summary

The memory-management functionality within the Virtual Machine Monitor of Microsoft Virtual PC 2007, Virtual Server 2005, and Windows Virtual PC has a flaw that inadequately restricts memory access from guest operating systems. This vulnerability could allow context-dependent attackers to circumvent certain anti-exploitation protections by manipulating input to susceptible applications within a guest OS. It is important to note that this issue primarily affects systems running vulnerable applications, as memory areas accessible from the guest OS cannot be used to execute remote code or elevate privileges, nor is any data from the host system exposed.

References

http://www.securityfocus.com/archive/1/510154/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.coresecurity.com/content/virtual-pc-2007-hyper...

x_refsource_MISC

http://securitytracker.com/id?1023720

vdb-entryx_refsource_SECTRACK

EPSS Score

35% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 1, 2010
Vulnerability Reserved
Apr 1, 2010