Parallels Drag and Drop Hidden Share Vulnerability
BID:22597
Info
| Bugtraq ID: | 22597 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 16 2007 12:00AM |
| Updated: | Feb 20 2007 05:06PM |
| Credit: | Rich Mogull is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Parallels Parallels Desktop for Mac OS X 0 |
| Not Vulnerable: | |
Discussion
Parallels is prone to an arbitrary code-execution vulnerability because of a design flaw in the affected application.
An attacker can exploit this issue to create files in the host operating system. This could result in the execution of code.
Exploit / POC
An attacker can exploit these issues by gaining local interactive access to the affected computer.
The following proof of concept demonstrates this issue.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Reports indicate this issue has been addressed in the latest release of Parallels. Symantec has not confirmed this.
References
References:
- [Dailydave] Minor Virtualization Vulnerability (Rich Mogull)
- Parallels Homepage (Parallels)