CVE-2007-2894

Bochs 2.3 - Denial of Service via Floppy Disk Controller

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2894. PoCs published by Tavis Ormandy.

AI-analyzed exploit summary This exploit targets a heap-based buffer overflow and divide-by-zero vulnerability in Bochs. It uses direct port I/O operations to trigger the vulnerability, potentially leading to arbitrary code execution or denial-of-service conditions.

Description

The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tavis Ormandy · cdoslinux

https://www.exploit-db.com/exploits/30110

View Code ZIP pw:eip

This exploit targets a heap-based buffer overflow and divide-by-zero vulnerability in Bochs. It uses direct port I/O operations to trigger the vulnerability, potentially leading to arbitrary code execution or denial-of-service conditions.

Classification

Working Poc 90%

Attack Type

Rce | Dos

Complexity

Moderate

Reliability

Reliable

Target: Bochs (version not specified)

No auth needed

Prerequisites: Local access to the system running Bochs · Sufficient privileges to execute I/O operations

MITRE ATT&CK