Vulnerability Description
Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Parallels | Parallels Desktop | All versions |
References
- http://osvdb.org/41164
- http://osvdb.org/41165
- http://osvdb.org/41166
- http://osvdb.org/41167
- http://taviso.decsystem.org/virtsec.pdf
FAQ
What is CVE-2007-2455?
CVE-2007-2455 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at t...
How severe is CVE-2007-2455?
CVE-2007-2455 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2455?
Check the references section above for vendor advisories and patch information. Affected products include: Parallels Parallels Desktop.