CVE-2007-1222 in Parallels Desktopinfo

Summary

by MITRE

Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 10/09/2017

The vulnerability described in CVE-2007-1222 represents a critical privilege escalation flaw in Parallels Desktop for Mac versions prior to 20070216. This issue stems from the implementation of drag and drop functionality that creates a shared filesystem mapping between the host and guest operating systems. The core technical flaw involves the creation of a .psf share that exposes the entire host filesystem to the guest environment, fundamentally undermining the isolation typically maintained between virtualized and host systems. This design decision creates an attack surface where guest system users can directly manipulate host filesystem contents through the shared mapping mechanism.

The operational impact of this vulnerability extends beyond simple file access to full system compromise. Local users within the guest operating system can leverage the shared filesystem to write arbitrary files to critical host directories, including the LaunchAgents directory where launchd services are managed. This capability directly enables arbitrary code execution on the host system through privilege escalation techniques. The vulnerability specifically targets the launchd service management framework, allowing attackers to place malicious plist configuration files that will be executed with elevated privileges when the system processes these launch agents. This represents a classic privilege escalation vector where guest-level access can be leveraged to achieve host-level system compromise.

From a cybersecurity perspective, this vulnerability aligns with CWE-264, which addresses permissions, privileges, and access controls, specifically focusing on improper access control mechanisms that allow unauthorized system modifications. The attack pattern follows ATT&CK technique T1068, which involves local privilege escalation through the exploitation of system-level service configuration files. The vulnerability demonstrates a fundamental flaw in virtualization security boundaries where the hypervisor or virtualization software fails to properly enforce access controls between host and guest environments. The shared filesystem implementation creates an unnecessary and dangerous exposure that violates the principle of least privilege, allowing guest users to write files to host directories they should not normally access.

Mitigation strategies for this vulnerability require immediate patching of Parallels Desktop installations to version 20070216 or later, which addresses the flawed filesystem sharing implementation. Organizations should also implement network segmentation and access controls to limit guest system capabilities, particularly disabling unnecessary features like drag and drop functionality when not required for business operations. System administrators should monitor for unauthorized modifications to launchd directories and implement file integrity monitoring solutions to detect malicious plist file installations. Additionally, virtualization environments should be configured with minimal shared resources and strict access controls to prevent guest systems from accessing critical host directories. The incident underscores the importance of maintaining current virtualization software versions and implementing robust security controls around virtual machine configurations to prevent similar privilege escalation attacks.

Reservation

03/02/2007

Disclosure

03/02/2007

Moderation

accepted

Entry

VDB-35355

CPE

ready

EPSS

0.00359

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!