Description: The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVSS vector: AV:L/AC:M/C:C/I:C/A:C
Exploitability: 3.4 | Impact: 10.0
Affected Packages: 3 packages

🔴 Vulnerability Details (2)
GHSA: GHSA-qf79-fpj8-8m3g: The qemu guest agent in Qemu 1 (2022-05-17)
GHSA: Static Methods since 2007 (div2007) extension for TYPO3 vulnerable to Cross-site Scripting (2022-05-17)

💥 Exploits & PoCs (12)
Exploit-DB: Microsoft Excel - OLE Arbitrary Code Execution (2017-09-30)
Exploit-DB: Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099) (2016-08-10)
Exploit-DB: Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042) (2016-04-14)
Exploit-DB: Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097) (2015-09-16)
Exploit-DB: Microsoft Excel 2007/2010/2013 - BIFFRecord Use-After-Free (2015-09-16)

📋 Vendor Advisories (2)
Red Hat: qemu: guest agent creates files with insecure permissions in deamon mode (2013-05-06)
Debian: CVE-2013-2007: qemu - The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in ... (2013)

💬 Community (4)
Bugzilla: CVE-2007-6755 Dual_EC_DRBG: weak pseudo random number generator (2013-12-23)
Bugzilla: CVE-2013-2007 qemu: guest agent creates files with insecure permissions in deamon mode [fedora-all] (2013-05-31)
Bugzilla: CVE-2013-2007 qemu: guest agent creates files with insecure permissions in deamon mode [fedora-all] (2013-05-31)
Bugzilla: CVE-2013-2007 qemu: guest agent creates files with insecure permissions in deamon mode (2013-04-24)