CVE-2024-6154

Name of the Vulnerable Software and Affected Versions Parallels Desktop (affected versions not specified)

Description The issue is related to a heap-based buffer overflow in the Toolgate component of Parallels Desktop, which can be exploited by local attackers to escalate privileges and execute arbitrary code in the context of the current user on the host system. The flaw exists due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.