Vulnerabilities > CVE-2007-1222 - Unspecified vulnerability in Parallels Desktop

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

parallels

NVD

Published: 2007-03-02

Updated: 2008-11-15

Summary

Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X 10.4.9	1
Application	Parallels Parallels Parallels Desktop *	1

References

http://lists.immunitysec.com/pipermail/dailydave/2007-February/004091.html
http://secunia.com/advisories/24171
http://osvdb.org/33799