Vulnerability Details CVE-2007-2455
Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.2%
CVSS Severity
CVSS v2 Score 6.1
References
Products affected by CVE-2007-2455
-
cpe:2.3:a:parallels:parallels_desktop:14.0.0
-
cpe:2.3:a:parallels:parallels_desktop:14.0.1
-
cpe:2.3:a:parallels:parallels_desktop:14.1.0
-
cpe:2.3:a:parallels:parallels_desktop:14.1.1
-
cpe:2.3:a:parallels:parallels_desktop:14.1.2
-
cpe:2.3:a:parallels:parallels_desktop:14.1.3
-
cpe:2.3:a:parallels:parallels_desktop:15.0.0
-
cpe:2.3:a:parallels:parallels_desktop:15.1.0
-
cpe:2.3:a:parallels:parallels_desktop:15.1.1
-
cpe:2.3:a:parallels:parallels_desktop:15.1.2
-
cpe:2.3:a:parallels:parallels_desktop:15.1.3
-
cpe:2.3:a:parallels:parallels_desktop:15.1.4
-
cpe:2.3:a:parallels:parallels_desktop:15.1.4-47270
-
cpe:2.3:a:parallels:parallels_desktop:15.1.5-47309
-
cpe:2.3:a:parallels:parallels_desktop:16.0.0
-
cpe:2.3:a:parallels:parallels_desktop:16.0.1
-
cpe:2.3:a:parallels:parallels_desktop:16.1.0
-
cpe:2.3:a:parallels:parallels_desktop:16.1.0-48950
-
cpe:2.3:a:parallels:parallels_desktop:16.1.1
-
cpe:2.3:a:parallels:parallels_desktop:16.1.1-49141
-
cpe:2.3:a:parallels:parallels_desktop:16.1.2
-
cpe:2.3:a:parallels:parallels_desktop:16.1.2-49151
-
cpe:2.3:a:parallels:parallels_desktop:16.1.3
-
cpe:2.3:a:parallels:parallels_desktop:16.5.0
-
cpe:2.3:a:parallels:parallels_desktop:16.5.0_(49183)
-
cpe:2.3:a:parallels:parallels_desktop:16.5.1
-
cpe:2.3:a:parallels:parallels_desktop:16.5.1_(49187)
-
cpe:2.3:a:parallels:parallels_desktop:17.1.1
-
cpe:2.3:a:parallels:parallels_desktop:17.1.1_(51537)