CVE-2007-2893

Vulnerability Description

Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://bugs.gentoo.org/show_bug.cgi?id=188148Third Party Advisory
• http://osvdb.org/36799Broken Link
• http://secunia.com/advisories/25470Third Party Advisory
• http://secunia.com/advisories/26364Third Party Advisory
• http://secunia.com/advisories/27715Third Party Advisory
• http://security.gentoo.org/glsa/glsa-200711-21.xmlThird Party Advisory
• http://taviso.decsystem.org/virtsec.pdfThird Party Advisory
• http://www.debian.org/security/2007/dsa-1351Third Party Advisory
• http://www.securityfocus.com/bid/24246Third Party AdvisoryVDB Entry
• http://www.vupen.com/english/advisories/2007/1936Third Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34508Third Party AdvisoryVDB Entry
• http://bugs.gentoo.org/show_bug.cgi?id=188148Third Party Advisory
• http://osvdb.org/36799Broken Link
• http://secunia.com/advisories/25470Third Party Advisory
• http://secunia.com/advisories/26364Third Party Advisory