The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox prior to 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
sun xvm virtualbox 1.5.2 |
||
sun xvm virtualbox 1.5.4 |
||
sun xvm virtualbox 1.3.2 |
||
sun xvm virtualbox 1.5.6 |
||
sun xvm virtualbox 1.6.0 |
||
sun xvm virtualbox 1.3.8 |
||
sun xvm virtualbox 1.4.0 |
||
sun xvm virtualbox 1.5.0 |
||
sun xvm virtualbox 1.3.4 |
||
sun xvm virtualbox 1.3.6 |
||
sun xvm virtualbox |
For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of. This is our latest installment, focus...
Vulmon