Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Published: 2014-03-31
Updated: 2018-10-09
Summary
Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.
Vulnerable Configurations
Part | Description | Count |
Application | Oracle | 15 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities. CVE-2014-0981,CVE-2014-0982,CVE-2014-0983. Dos exploits for multiple platform |
file | exploits/multiple/dos/32208.txt |
id | EDB-ID:32208 |
last seen | 2016-02-03 |
modified | 2014-03-12 |
platform | multiple |
port | |
published | 2014-03-12 |
reporter | Core Security |
source | https://www.exploit-db.com/download/32208/ |
title | Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities |
type | dos |
description | VirtualBox 3D Acceleration Virtual Machine Escape. CVE-2014-0983,CVE-2015-4523. Remote exploit for win64 platform |
id | EDB-ID:34334 |
last seen | 2016-02-03 |
modified | 2014-08-14 |
published | 2014-08-14 |
reporter | metasploit |
source | https://www.exploit-db.com/download/34334/ |
title | VirtualBox 3D Acceleration Virtual Machine Escape |
Metasploit
description | This module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a sequence of specially crafted rendering messages, a virtual machine can exploit an out of bounds array access to corrupt memory and escape to the host. This module has been tested successfully on Windows 7 SP1 (64 bits) as Host running Virtual Box 4.3.6. |
id | MSF:EXPLOIT/WINDOWS/LOCAL/VIRTUAL_BOX_OPENGL_ESCAPE |
last seen | 2020-05-20 |
modified | 2017-09-14 |
published | 2014-08-09 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/local/virtual_box_opengl_escape.rb |
title | VirtualBox 3D Acceleration Virtual Machine Escape |
Nessus
NASL family | Windows |
NASL id | VIRTUALBOX_4_3_8.NASL |
description | The remote host contains a version of Oracle VM VirtualBox that is 3.2.x prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24 or 4.3.8. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists in the function |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 72985 |
published | 2014-04-16 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/72985 |
title | Oracle VM VirtualBox < 3.2.22 / 4.0.24 / 4.1.32 / 4.2.24 / 4.3.8 Multiple Memory Corruption |
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2904.NASL |
description | Francisco Falcon discovered that missing input sanitizing in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system. |
last seen | 2020-03-17 |
modified | 2014-04-16 |
plugin id | 73534 |
published | 2014-04-16 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/73534 |
title | Debian DSA-2904-1 : virtualbox - security update |
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201612-27.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201612-27 (VirtualBox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : Local attackers could cause a Denial of Service condition, execute arbitrary code, or escalate their privileges. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 95695 |
published | 2016-12-12 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/95695 |
title | GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom) |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:85507 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-85507 |
title | Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities |