The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
AV:L/AC:L/Au:N/C:C/I:C/A:CCitrix Xenserver
APPCitrix6.0≤ 6.0.2Freebsd
OSFreebsd≤ 9.0Illumos
OSIllumos≤ r13723Joyent Smartos
OSJoyent≤ 20120614Microsoft Windows 7
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2003
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2008
OSMicrosoftr2Microsoft Windows Xp
OSMicrosoftwszystkie wersjeNetbsd
OSNetbsd≤ 6.0Sun Sunos
OSSun≤ 5.11Xen
OSXen4.0.04.0.14.0.24.0.34.0.44.1.04.1.1≤ 4.1.2
Related vulnerabilities
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services wh...
Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows S...