- Description
- The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
- Source
- secure@microsoft.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:2004:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B85AEB7-0AB3-4AFA-B589-74DF583225C4"
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:2007:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E550D9F-C197-4EA1-A018-73C0E8B03E6C"
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:2007:*:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F61DD9A1-A925-4FA3-BD6A-708F039F7F9B"
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_pc:2007:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98616FA1-76B2-40C1-806E-71A4D76CB5D1"
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C5705C94-8B44-48D7-873B-1909FE2D020E"
},
{
"criteria": "cpe:2.3:a:microsoft:virtual_server:2005:r2_sp1:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35C436EF-6A98-47F7-BA5E-2E4B8497045F"
}
],
"operator": "OR"
}
]
}
]