N/A

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop version 14.1.3 (45485). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of root. Was ZDI-CAN-8685.

N/A

在命令中使用的特殊元素转义处理不恰当(命令注入)

Corel Parallels Desktop 命令注入漏洞

Corel Parallels Desktop是加拿大Corel公司的一套适用于macOS平台的虚拟机软件。 Corel Parallels Desktop 14.1.3 (45485)版本中存在命令注入漏洞，该漏洞源于程序没有正确验证用户提交的字符串就直接进行系统调用。本地攻击者可利用该漏洞提升权限并执行代码。

N/A

N/A