Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
1.9
CVSSv2

CVE-2019-2525

Published: 16/01/2019 Updated: 24/08/2020
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.6 | Impact Score: 4 | Exploitability Score: 1.1
VMScore: 170
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Oracle

Vulnerability Summary

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are before 5.2.24 and before 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle vm virtualbox

oracle vm virtualbox 6.0.0

Github Repositories

https://github.com/Lanph3re/Vbox-1-day-exploit

virtualbox-1-day-exploit This repo is exploit code of CVE-2019-2525, and CVE-2019-2548

https://github.com/Lanph3re/virtualbox-1-day-exploit

virtualbox-1-day-exploit This repo is exploit code of CVE-2019-2525, and CVE-2019-2548

https://github.com/wotmd/VirtualBox-6.0.0-Exploit-1-day

CVE-2019-2525 / CVE-2019-2548

VirtualBox 600 Exploit 1-day 사용할 VBox bug CVE-2019-2525 : crUnpackExtendGetAttribLocation Infomation Disclosure CVE-2019-2548 : crServerDispatchReadPixels Interger overflow, lead to Heap overflow these bugs can be trigger on enable 3D Acceleration 먼저 설명에 앞서 아래 익스를 수행한 동영상을 찍어서 첨부한다 youtube/IQRLtqMgVCY?t=46

https://github.com/mwrlabs/3d-accelerated-exploitation

3D Accelerated Exploitation

3D Accelerated Exploitation The content of this repository is meant to be the official release of the tooling/exploit that was discussed during the OffensiveCon 2019 talk - 3D Accelerated Exploitation The talk dealt with research into the VirtualBox 3D Acceleration feature, which is backed by a software component called Chromium The talk can be found here exploit-dev-harness

References

NVD-CWE-noinfohttp://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttp://www.securityfocus.com/bid/106568http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.htmlhttps://nvd.nist.govhttps://github.com/Lanph3re/Vbox-1-day-exploithttps://github.com/wotmd/VirtualBox-6.0.0-Exploit-1-day
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-47626CVE-2024-3400physicalCVE-2024-31426CVE-2024-22423CVE-2024-22438injectlocal usersCVE-2024-3797
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook