Detections
Analytics
Oracle VM VirtualBox < 3.2.22 / 4.0.24 / 4.1.32 / 4.2.24 / 4.3.8 Multiple Memory Corruption
medium Nessus Plugin ID 72985
Language:
Synopsis
The remote host has an application that is affected by multiple memory corruption vulnerabilities.Description
The remote host contains a version of Oracle VM VirtualBox that is 3.2.x prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24 or 4.3.8. It is, therefore, potentially affected by the following vulnerabilities :- An input validation error exists in the function 'crNetRecvReadback' in the file 'GuestHost/OpenGL/util/net.c' related to handling CR_MESSAGE_READBACK and CR_MESSAGE_WRITEBACK messages that could allow memory corruption leading to application crashes and possibly arbitrary code execution. (CVE-2014-0981)
- An input validation error exists related to the Chromium server and the handling of CR_VERTEXATTRIB4NUBARB_OPCODE messages that could allow memory corruption leading to application crashes and possibly arbitrary code execution. (CVE-2014-0983)
Solution
Upgrade Oracle VM VirtualBox to 3.2.22 / 4.0.24 / 4.1.32 / 4.2.24 / 4.3.8 or later.See Also
http://www.nessus.org/u?3b8225dd
Plugin Details
Severity: Medium
ID: 72985
File Name: virtualbox_4_3_8.nasl
Version: 1.14
Type: local
Agent: windows
Family: Windows
Published: 4/16/2014
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.5
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Temporal Score: 5.7
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:oracle:vm_virtualbox
Required KB Items: VirtualBox/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/11/2014
Vulnerability Publication Date: 2/25/2014
Exploitable With
Core Impact
Metasploit (VirtualBox 3D Acceleration Virtual Machine Escape)
Reference Information
CVE: CVE-2014-0981, CVE-2014-0983