=====================================================================
                                   CERT-Renater

                        Information Note No. 2007/VULN359
_____________________________________________________________________

DATE                      : 16/08/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Any system with Microsoft Virtual PC or
                            Microsoft Virtual Server 2005

======================================================================

MS07-049 - Vulnerability in Virtual PC and Virtual Server Could Allow
Elevation of Privilege (937986)

Original Bulletin:
  http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx

Affected Software
   Microsoft Virtual PC 2004
   Microsoft Virtual Server 2005 Standard Edition
   Microsoft Virtual Server 2005 Enterprise Edition
   Microsoft Virtual Server 2005 R2 Standard Edition
   Microsoft Virtual Server 2005 R2 Enterprise Edition
   Microsoft Virtual PC for Mac Version 6.1
   Microsoft Virtual PC for Mac Version 7

Non-Affected Software
   Microsoft Virtual PC 2007
   Microsoft Virtual Server 2005 R2 Service Pack 1

Vulnerability Details:

Virtual PC and Virtual Server Heap Overflow Vulnerability - CVE-2007-0948

   An elevation of privilege vulnerability exists in Microsoft Virtual
PC and Microsoft Virtual Server that could allow a user with
administrator permissions to the guest operating system to run code on
the host operating system or other guest operating systems. An attacker
with administrator permissions to the guest operating system could
exploit the vulnerability by running specially crafted code on the guest
operating system. This could result in a heap overflow on the host or
other guest operating systems. An attacker who successfully exploited
this vulnerability could take complete control of an affected system.


======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================






