BugTraq
Vulnerability In SecureOL VE2 v1.05.1008 Sep 07 2005 12:42PM
maxim secureol com
Introduction:

VE2 provides two separate virtual environments (Secured and Public(
To ensure corporate security and to provide secured and free access to
the WEB while protecting the enterprise.

Summary:
Windows 16-bit execution support allows direct access to physical
memory through \\PhysicalMemory device (which is actually a section) for
legacy NTVDM and Virtual Real Mode of the processor, accessing physical
memory from Public Environment provides direct bridge to Secured
Environment processes memory.

Proof of concept:
http://cybermessageboard.xeran.com/secureol/viewtopic.php?t=26

Vulnerability submitted by Joe Stewart,
22.08.05

Patch Released:
23.08.05 - VE2 v1.05.1009

The information has been provided by Maxim Vainstein: maxim (at) secureol (dot) com [email concealed]

For more information: http://www.secureol.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus