Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Virtual PC Hypervisor Memory Protection Vulnerability
1. *Advisory Information*
Nicolas Bareli - Sandboxing based on SECCOM for Linux kernel
Cesar Cerrudo - Token Kidnapping\'s Revenge
Cesar Cerrudo History 0days, Disclosing y otras yerbas
Claudio Criscione - Virtually Pwned: Pentesting VMware
Giovanni Cruz - Atacking VoIP…a paradise!
Nicolas Economou - 2x1 Microsoft Bugs: 'Virtual PC hyper-hole-visor' +
'Windows Creation Vulnerability (MS10-048)'
Gary Golomb - Network-based detection of PE structural anomalies and
linker characteristics
Michael Hudson - Wrong Way, the true story of a Black Hat
Barnaby Jack - Jackpotting Automated Teller Machines
-------------------------------------------------
MS Patch - MS07-048 Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue.
-------------------------------------------------
MS Patch - MS07-049 Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue.
-------------------------------------------------
MS Patch - MS07-050 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
Analysis - Possible security issue exists. Patch will run successfully.
root cause of the problem and the list of affected versions.
. 2009-12-16:
Microsoft sends further analysis of bug MSRC 9562, which has been
analyzed in conjunction with the reported bug MSRC case 9326 in Virtual
PC. MSRC indicates that it has been unable to reproduce an exploitable
condition using the Excel bug (MSRC 9562).
. 2009-12-22:
Core acknowledges receipt of the analysis of bug MSRC 9562, and agrees
with the technical analysis.
