Follow up of offtopic discussion (started by me) here
viewtopic.php?f=6&t=64111
poncho524 wrote:
You could say something like:
(a) The vulnerability allows for arbitrary code to be run with privileges on the Host OS, given that the Host OS has already been compromised.
[or] (b) This could allow crossover from guest to host (if thats true, that would be a Big Deal)
This is still my only question. I fully understand why the details are not disclosed. But the basic resolution between the (a) and (b) case should be said. My understanding is that all of this is
the (a) one. In this case it is up to user responsibility to keep his/her
host system clean. There are Windows features like Software Restriction Policy that effectively prevents loading "bad" DLLs from unwanted locations (temp or documents folders) accessible for write under non-administrator account at OS level (if someone lets his/her system to infect by a malware under administrator account, nothing can help there). Again, I can not agree that there is something wrong with Windows API design related to loading DLLs as has been criticized in recent discussion.
socratis wrote:Just to add to what Perry said, imagine the two potential release notes:
[*]Fixed a vulnerability where a guest could gain administrator access to the host (CVE ###).
I am not sure that is the case due the lack of information. Based on available information and current issues I tend (hope) to believe it is the (a) case.
Ok, you win.