Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2010-1225

EPSS 39.12% · P97
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2010-1225

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Virtual PC内存管理绕过安全限制漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Virtual PC是流行的虚拟机工具,允许在同一台计算机上运行多个操作系统。 Microsoft Virtual PC 2007 Gold及SP1,Virtual Server 2005 Gold 及R2 SP1, 和 Windows Virtual PC的Virtual Machine Monitor(即VMM或hypervisor)的内存管理实施对VMM工作区由客户操作系统到内存地址的访问不设限,受骗用户可在客户操作系统向脆弱的应用发送特制输入,从而避开反剥削保护机制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2010-1225

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2010-1225

登录查看更多情报信息。

Same Patch Batch · n/a · 2010-04-01 · 48 CVEs total

CVE-2010-0837Oracle Java SE 和Business Java 组件'Pack200'未明安全漏洞
CVE-2010-0840Oracle Java SE和Java for Business Java运行时环境漏洞
CVE-2010-0842Oracle Java SE和Java for Business Sound组件未明安全漏洞
CVE-2010-0846Oracle Java SE和Java for Business ImageIO组件未明安全漏洞
CVE-2010-0847Oracle Java SE 和Business Java 组件'Java 2D'未明安全漏洞
CVE-2010-0848Oracle Java SE 和Business Java 组建'Java 2D'未明安全漏洞
CVE-2010-0849Oracle Java SE和Java for Business Java 2D组件未明安全漏洞
CVE-2010-0850Oracle Java SE 和Business Java平台Java 2D 组件未明漏洞
CVE-2010-0845Oracle Java SE 和Business Java 组件'HotSpot Server'未明安全漏洞
CVE-2010-0838Oracle Java SE和Java for Business Java 2D组件未明安全漏洞
CVE-2010-0839Oracle Java SE 和Business Java 组件'Sound'未明安全漏洞
CVE-2010-0095Oracle Java SE 和Business Java 组件'Java Runtime Environment'未明安全漏洞
CVE-2010-0094Oracle Java SE和Java for Business Java运行时环境漏洞
CVE-2010-0093Oracle Java SE 和Business Java 组件'Java Runtime Environment'未明安全漏洞
CVE-2010-0092Oracle Java SE和Java for Business JAVA运行时环境漏洞
CVE-2010-0091Oracle Java SE 和Business Java 组件'Java Runtime Environment'未明安全漏洞
CVE-2010-0090Oracle Java SE和Java for Business JAVA运行时环境漏洞
CVE-2010-0089Oracle Java SE 和Business Java 组件'Java Web Start, Java Plug-in'未明安全漏洞
CVE-2010-0088Oracle Java SE 和Business Java 组件'Java Runtime Environment'未明安全漏洞
CVE-2010-0087Oracle Java SE 和Business Java 组件'Java Web Start, Java Plug-in'未明安全漏洞

Showing top 20 of 48 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2010-1225

No comments yet

Leave a comment