Vulnerabilities > CVE-2012-0111 - Local vulnerability in Oracle Virtualization and VM Virtualbox
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family Windows NASL id VIRTUALBOX_4_1_8.NASL description The version of Oracle VM VirtualBox 4.1.x installed on the remote Windows host is earlier than version 4.1.8 and is, therefore, affected by two unspecified local vulnerabilities. These vulnerabilities take advantage of shared folders and Windows Guest Additions that a local attacker could use to access and modify data that is accessible by Oracle VM VirtualBox. last seen 2020-06-01 modified 2020-06-02 plugin id 62901 published 2012-11-13 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62901 title Oracle VM VirtualBox 4.1.x < 4.1.8 Unspecified Local Issues NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-696.NASL description VirtualBox was updated to 4.1.22 stable release, bringing lots of security and also bugfixes. The 4.1.22 release is brought to all openSUSE distributions to align their versions. changes in virtualbox 4.1.22 (maintenance release) - VMM: fixed a potential host crash triggered by shutting down a VM when another VM was running - VMM: fixed a potential host crash under a high guest memory pressure (seen with Windows 8 guests) - VMM: respect RAM preallocation while restoring saved state. - VMM: fixed handling of task gates if VT-x/AMD-V is disabled - Storage: fixed audio CD passthrough for certain media players - USB: don last seen 2020-06-05 modified 2014-06-13 plugin id 74774 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74774 title openSUSE Security Update : virtualbox (openSUSE-SU-2012:1323-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201204-01.NASL description The remote host is affected by the vulnerability described in GLSA-201204-01 (VirtualBox: Multiple vulnerabilities) Multiple unspecified vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to gain escalated privileges via unknown attack vectors. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59617 published 2012-06-21 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59617 title GLSA-201204-01 : VirtualBox: Multiple vulnerabilities
Oval
accepted | 2014-02-17T04:00:11.454-05:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders. | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:16722 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2013-04-26T14:33:26.748+04:00 | ||||||||||||
title | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders | ||||||||||||
version | 8 |
References
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00041.html
- http://secunia.com/advisories/48755
- http://secunia.com/advisories/50897
- http://security.gentoo.org/glsa/glsa-201204-01.xml
- http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16722