[40207] in bugtraq
Vulnerability In SecureOL VE2 v1.05.1008
daemon@ATHENA.MIT.EDU (maxim@secureol.com)
Wed Sep 7 12:18:28 2005
Date: 7 Sep 2005 12:42:38 -0000
Message-ID: <20050907124238.16002.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: maxim@secureol.com
To: bugtraq@securityfocus.com
Introduction:
VE2 provides two separate virtual environments (Secured and Public(
To ensure corporate security and to provide secured and free access to
the WEB while protecting the enterprise.
Summary:
Windows 16-bit execution support allows direct access to physical
memory through \\PhysicalMemory device (which is actually a section) for
legacy NTVDM and Virtual Real Mode of the processor, accessing physical
memory from Public Environment provides direct bridge to Secured
Environment processes memory.
Proof of concept:
http://cybermessageboard.xeran.com/secureol/viewtopic.php?t=26
Vulnerability submitted by Joe Stewart,
22.08.05
Patch Released:
23.08.05 - VE2 v1.05.1009
The information has been provided by Maxim Vainstein: maxim@secureol.com
For more information: http://www.secureol.com
