CVE-2010-1225

Name of the Vulnerable Software and Affected Versions Microsoft Virtual PC 2007 versions Gold through SP1 Microsoft Virtual Server 2005 versions Gold through R2 SP1 Windows Virtual PC (affected versions not specified)

Description The issue is related to the memory-management implementation in the Virtual Machine Monitor, which does not properly restrict access from the guest OS to memory locations in the VMM work area. This allows attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. It is noted that only systems with an otherwise vulnerable application are affected.

Recommendations For Microsoft Virtual PC 2007 versions Gold through SP1: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft Virtual Server 2005 versions Gold through R2 SP1: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Windows Virtual PC: At the moment, there is no information about a newer version that contains a fix for this vulnerability.