CVE-2007-1220

The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.

CVSS v2.0 6.2 MEDIUM

6.2^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 1.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://securityreason.com/securityalert/2367
http://www.securityfocus.com/archive/1/461489/100/0/threaded
http://www.securityfocus.com/bid/22745	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:microsoft:xbox_360:4532:::::::*
	cpe:2.3:h:microsoft:xbox_360:4548:::::::*

cpe:2.3:h:microsoft:xbox_360:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-03-02 22:19

Updated : 2024-02-28 11:01

NVD link : CVE-2007-1220

Mitre link : CVE-2007-1220

CVE.ORG link : CVE-2007-1220

JSON object : View

Products Affected

microsoft

xbox_360

CWE

NVD-CWE-Other

{"id": "CVE-2007-1220", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-03-02T22:19:00.000", "references": [{"url": "http://securityreason.com/securityalert/2367", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/461489/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22745", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code."}, {"lang": "es", "value": "El Hypervisor en Microsoft Xbox 360 kernel 4532 y 4548 no verifica correctamente los par\u00e1metros pasados al despachador del syscall, que permite que los atacantes con acceso f\u00edsico evitar requisitos la firma de c\u00f3digo y que ejecuten c\u00f3digo de su elecci\u00f3n."}], "lastModified": "2018-10-16T16:37:17.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microsoft:xbox_360:4532:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED5A9726-229A-4139-90F1-1BE668FBCC10"}, {"criteria": "cpe:2.3:h:microsoft:xbox_360:4548:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCB49F14-26C9-40CE-983A-B52BDB042B38"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:microsoft:xbox_360:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D60CBD08-C254-4DBC-96BD-0FBC1695DC8E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}