Reported February 10, 2004, by Microsoft.
· Microsoft Virtual PC for Mac 6.0 and 6.1
A vulnerability in Microsoft Virtual PC for Mac 6.0 and 6.1 can result in the execution of arbitrary code with system-level privileges. This vulnerability is a result of the method by which Virtual PC for Mac creates a temporary file when you run the software. An attacker could exploit this vulnerability by inserting malicious code into the temporary file.
Microsoft has released security bulletin MS04-005, "Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.
Discovered by George Gal of @stake.