Vulnerabilities > CVE-2015-6923 - Arbitrary Memory Write Privilege Escalation vulnerability in Vboxcomm Satellite Express Protocol 2.3.17.3

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
vboxcomm
exploit available

Summary

The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call. <a href="https://cwe.mitre.org/data/definitions/123.html">CWE-123: Write-what-where Condition</a>

Vulnerable Configurations

Part Description Count
Application
Vboxcomm
1

Exploit-Db

descriptionVBox Satellite Express 2.3.17.3 - Arbitrary Write. CVE-2015-6923. Dos exploit for windows platform
fileexploits/windows/dos/38225.txt
idEDB-ID:38225
last seen2016-02-04
modified2015-09-17
platformwindows
port
published2015-09-17
reporterKoreLogic
sourcehttps://www.exploit-db.com/download/38225/
titleVBox Satellite Express 2.3.17.3 - Arbitrary Write
typedos

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/133620/KL-001-2015-005.txt
idPACKETSTORM:133620
last seen2016-12-05
published2015-09-19
reporterMatthew Bergin
sourcehttps://packetstormsecurity.com/files/133620/VBox-Satellite-Express-Arbitrary-Write-Privilege-Escalation.html
titleVBox Satellite Express Arbitrary Write Privilege Escalation