Computer Security
[EN] securityvulns.ru no-pyccku


Sun xVM privilege escalation
Published:07.08.2008
Source:
SecurityVulns ID:9206
Type:local
Threat Level:
5/10
Description:VBoxDrv.sys driver kernel mode code execution.
Affected:SUN : xVM VirtualBox 1.6
CVE:CVE-2008-3431 (The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0716 - Sun xVM VirtualBox Privilege Escalation Vulnerability (07.08.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod