CVE-2007-2454

{"id": "CVE-2007-2454", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-05-02T17:19:00.000", "references": [{"url": "http://osvdb.org/40228", "source": "cve@mitre.org"}, {"url": "http://taviso.decsystem.org/virtsec.pdf", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute arbitrary code in the host operating system via unspecified vectors related to bitblt operations."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el controlador VGA en Parallels permite a usuarios locales, con acceso de root para el sistema operativo invitado, para terminar la m\u00e1quina virtual y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n en el sistema operativo host a trav\u00e9s de vectores no especificados relacionados con operaciones bitblt."}], "lastModified": "2008-11-15T06:48:41.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:parallels:parallels_desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AC6A933-31CC-4966-A87E-B8AFB2479081"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}