Reported February 10, 2004, by Microsoft.

 

 

 

VERSIONS AFFECTED

 

·         Microsoft Virtual PC for Mac 6.0 and 6.1

DESCRIPTION

A vulnerability in Microsoft Virtual PC for Mac 6.0 and 6.1 can result in the execution of arbitrary code with system-level privileges. This vulnerability is a result of the method by which Virtual PC for Mac creates a temporary file when you run the software. An attacker could exploit this vulnerability by inserting malicious code into the temporary file.

VENDOR RESPONSE

Microsoft has released security bulletin MS04-005, "Vulnerability in Virtual PC for Mac could lead to privilege elevation (835150)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

CREDIT

Discovered by George Gal of @stake.