Info

Disclosure

Feb 10, 2004

Discovery

Feb 10, 2004

Dates

Exploit

Unknown

Solution

Unknown

Description

Virtual PC for Mac contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered because the program creates temporary files insecurely. This flaw may lead to a loss of integrity and/or availability.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Virtual PC	6.0 for Mac
		6.01 for Mac
		6.02 for Mac
		6.1 for Mac

References

Secunia Advisory ID: 10836
CVE ID: 2004-0115 (see also: NVD)
Bugtraq ID: 9632
Other Advisory URL: http://www.atstake.com/research/advisories/2004/a021004-1.txt
Microsoft Security Bulletin: MS04-005

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/3893

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Virtual PC

References

Credit