Vulnerability Description
Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | 10.4.9 |
| Parallels | Parallels Desktop | All versions |
References
- http://lists.immunitysec.com/pipermail/dailydave/2007-February/004091.html
- http://osvdb.org/33799
- http://secunia.com/advisories/24171
- http://lists.immunitysec.com/pipermail/dailydave/2007-February/004091.html
- http://osvdb.org/33799
- http://secunia.com/advisories/24171
FAQ
What is CVE-2007-1222?
CVE-2007-1222 is a vulnerability with a CVSS score of 7.2 (HIGH). Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary fi...
How severe is CVE-2007-1222?
CVE-2007-1222 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1222?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Parallels Parallels Desktop.