Vulnerability In SecureOL VE2 v1.05.1008

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Vulnerability In SecureOL VE2 v1.05.1008
From: maxim@xxxxxxxxxxxx
Date: 7 Sep 2005 12:42:38 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Introduction:

VE2 provides two separate virtual environments (Secured and Public(
To ensure corporate security and to provide secured and free access to 
the WEB while protecting the enterprise.

Summary:
Windows 16-bit execution support allows direct access to physical 
memory through \\PhysicalMemory device (which is actually a section) for
legacy NTVDM and Virtual Real Mode of the processor, accessing physical
memory from Public Environment provides direct bridge to Secured
Environment processes memory.
 
Proof of concept:
http://cybermessageboard.xeran.com/secureol/viewtopic.php?t=26

 Vulnerability submitted by Joe Stewart,
 22.08.05

 Patch Released:
23.08.05  - VE2 v1.05.1009

The information has been provided by Maxim Vainstein: maxim@xxxxxxxxxxxx

For more information: http://www.secureol.com

Prev by Date: FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug
Next by Date: Re: Microsoft Windows keybd_event validation vulnerability
Previous by thread: FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug
Next by thread: SQL Injection[2] In MyBB PR2
Index(es):
- Date
- Thread