Vulnerabilities > CVE-2015-6923 - Arbitrary Memory Write Privilege Escalation vulnerability in Vboxcomm Satellite Express Protocol 2.3.17.3
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call. <a href="https://cwe.mitre.org/data/definitions/123.html">CWE-123: Write-what-where Condition</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | VBox Satellite Express 2.3.17.3 - Arbitrary Write. CVE-2015-6923. Dos exploit for windows platform |
file | exploits/windows/dos/38225.txt |
id | EDB-ID:38225 |
last seen | 2016-02-04 |
modified | 2015-09-17 |
platform | windows |
port | |
published | 2015-09-17 |
reporter | KoreLogic |
source | https://www.exploit-db.com/download/38225/ |
title | VBox Satellite Express 2.3.17.3 - Arbitrary Write |
type | dos |
Packetstorm
data source | https://packetstormsecurity.com/files/download/133620/KL-001-2015-005.txt |
id | PACKETSTORM:133620 |
last seen | 2016-12-05 |
published | 2015-09-19 |
reporter | Matthew Bergin |
source | https://packetstormsecurity.com/files/133620/VBox-Satellite-Express-Arbitrary-Write-Privilege-Escalation.html |
title | VBox Satellite Express Arbitrary Write Privilege Escalation |
References
- http://packetstormsecurity.com/files/133620/VBox-Satellite-Express-Arbitrary-Write-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2015/Sep/72
- http://www.securityfocus.com/archive/1/536491/100/0/threaded
- https://www.exploit-db.com/exploits/38225/
- https://www.korelogic.com/Resources/Advisories/KL-001-2015-005.txt