A vulnerability within VBoxGuest module allows an malicious user to inject memory they control into an arbitrary location they define. This can be used by an malicious user to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Oracle VirtualBox Guest Additions versions 4.3.8 up to and including 4.3.10 are affected.