Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Published: 2014-03-31
Updated: 2018-10-09
Summary
VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.
Vulnerable Configurations
Part | Description | Count |
Application | Oracle | 15 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities. CVE-2014-0981,CVE-2014-0982,CVE-2014-0983. Dos exploits for multiple platform |
file | exploits/multiple/dos/32208.txt |
id | EDB-ID:32208 |
last seen | 2016-02-03 |
modified | 2014-03-12 |
platform | multiple |
port | |
published | 2014-03-12 |
reporter | Core Security |
source | https://www.exploit-db.com/download/32208/ |
title | Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities |
type | dos |
Nessus
NASL family | Windows |
NASL id | VIRTUALBOX_4_3_8.NASL |
description | The remote host contains a version of Oracle VM VirtualBox that is 3.2.x prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24 or 4.3.8. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists in the function |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 72985 |
published | 2014-04-16 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/72985 |
title | Oracle VM VirtualBox < 3.2.22 / 4.0.24 / 4.1.32 / 4.2.24 / 4.3.8 Multiple Memory Corruption |
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2904.NASL |
description | Francisco Falcon discovered that missing input sanitizing in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system. |
last seen | 2020-03-17 |
modified | 2014-04-16 |
plugin id | 73534 |
published | 2014-04-16 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/73534 |
title | Debian DSA-2904-1 : virtualbox - security update |
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201612-27.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201612-27 (VirtualBox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : Local attackers could cause a Denial of Service condition, execute arbitrary code, or escalate their privileges. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 95695 |
published | 2016-12-12 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/95695 |
title | GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom) |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:85507 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-85507 |
title | Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities |