PT-2007-2643 · Parallels · Parallels Desktop For Mac

Published: 2007-03-02 · Updated: 2008-11-15 · CVE-2007-1222

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Parallels Desktop for Mac versions prior to 20070216

Description

The issue allows local users of the guest operating system to write arbitrary files to the host filesystem and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. This is due to the implementation of Drag and Drop, which shares the entire host filesystem as the .psf share.

Recommendations

For Parallels Desktop for Mac versions prior to 20070216, update to a version released after 20070216 to resolve the issue. As a temporary workaround, consider restricting access to the LaunchAgents directory to minimize the risk of exploitation.
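
One way to check a host for the persistence path described above is to audit a LaunchAgents directory against a known-good list of job labels. This is an added example, not part of the original advisory or of any Parallels tooling; the baseline set, the sample jobs and the `demo` helper are constructed for illustration.

```python
import os
import plistlib
import stat
import tempfile

def audit_launch_agents(directory, baseline_labels):
    """Report launchd job plists in `directory` that are not in the known-good baseline."""
    findings = []
    # The workaround is to restrict write access, so flag a loosely permissioned directory.
    if os.stat(directory).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append({"path": directory, "reason": "directory is group/world writable"})
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(directory, name)
        try:
            with open(path, "rb") as fh:
                job = plistlib.load(fh)  # handles XML and binary plists
            if not isinstance(job, dict):
                raise ValueError("plist root is not a dictionary")
        except Exception:
            findings.append({"path": path, "reason": "unparseable plist"})
            continue
        label = job.get("Label")
        if isinstance(label, str) and label in baseline_labels:
            continue
        command = job.get("ProgramArguments") or [job.get("Program")]
        findings.append({"path": path, "reason": "label not in baseline", "label": label,
                         "command": command, "run_at_load": bool(job.get("RunAtLoad"))})
    return findings

def demo():
    """Audit a constructed LaunchAgents directory (sample data, not real host state)."""
    samples = {
        "com.example.known.plist": {"Label": "com.example.known", "Program": "/usr/bin/true"},
        "com.example.unknown.plist": {"Label": "com.example.unknown",
                                      "ProgramArguments": ["/usr/bin/true"], "RunAtLoad": True},
    }
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o700)
        for name, job in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                plistlib.dump(job, fh)
        with open(os.path.join(d, "broken.plist"), "wb") as fh:
            fh.write(b"not a plist")
        return audit_launch_agents(d, {"com.example.known"})
```

On a real host the function would be pointed at each LaunchAgents directory in turn, with the baseline taken from a known-clean system.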

Fix

Related Identifiers

CVE-2007-1222

Affected Products

Parallels Desktop For Mac