Vulnerability Description
Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute arbitrary code in the host operating system via unspecified vectors related to bitblt operations.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Parallels | Parallels Desktop | All versions |
References
- http://osvdb.org/40228
- http://taviso.decsystem.org/virtsec.pdf
- http://osvdb.org/40228
- http://taviso.decsystem.org/virtsec.pdf
FAQ
What is CVE-2007-2454?
CVE-2007-2454 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute arbitrary code in th...
How severe is CVE-2007-2454?
CVE-2007-2454 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2454?
Check the references section above for vendor advisories and patch information. Affected products include: Parallels Parallels Desktop.