Vulnerability Description
The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Virtual Pc | 2004 |
| Microsoft | Virtual Server | 2005 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/35808
- http://www.securitytracker.com/id?1022544
- http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2009/1890
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-03
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/35808
- http://www.securitytracker.com/id?1022544
- http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2009/1890
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-03
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2009-1542?
CVE-2009-1542 is a vulnerability with a CVSS score of 9.0 (HIGH). The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine inst...
How severe is CVE-2009-1542?
CVE-2009-1542 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1542?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Virtual Pc, Microsoft Virtual Server.