CVE-2007-2455
First published: Wed May 02 2007(Updated: )
Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Parallels Desktop |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-2455?
CVE-2007-2455 is classified as a high severity vulnerability due to its potential to cause denial of service in virtual machines.
How do I fix CVE-2007-2455?
To mitigate CVE-2007-2455, users should install the latest patches and updates provided by Parallels for their software.
Who is affected by CVE-2007-2455?
CVE-2007-2455 affects local users of Parallels Desktop for Mac.
What type of vulnerability is CVE-2007-2455?
CVE-2007-2455 is a denial of service vulnerability that can cause a virtual machine abort.
What actions can exploit CVE-2007-2455?
Exploiting CVE-2007-2455 can be accomplished through specific INT instruction executions, an invalid IRET instruction, or malformed MOVNTI instructions.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/parallels
- canonical/parallels desktop