Vulnerabilities > CVE-2017-10204 - Unspecified vulnerability in Oracle VM Virtualbox
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Vulnerable Configurations
Exploit-Db
| description | VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation. CVE-2017-10204. Local exploit for Windows platform. Tags: Local |
| file | exploits/windows/local/42425.txt |
| id | EDB-ID:42425 |
| last seen | 2017-08-03 |
| modified | 2017-08-03 |
| platform | windows |
| port | |
| published | 2017-08-03 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/42425/ |
| title | VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation |
| type | local |
Nessus
| NASL family | Misc. |
| NASL id | VIRTUALBOX_5_1_24.NASL |
| description | The version of Oracle VM VirtualBox installed on the remote host is 5.1.x prior to 5.1.24. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified vulnerabilities exist in the Core component that allow a local attacker to have an impact on confidentiality, integrity, and availability. (CVE-2017-10129, CVE-2017-10204, CVE-2017-10210, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242) - Multiple unspecified vulnerabilities exist in the Core component that allow a local attacker to have an impact on integrity and availability. (CVE-2017-10187, CVE-2017-10233, CVE-2017-10235) - An unspecified vulnerability exists in the Core component that allows a local attacker to have an impact on confidentiality and availability. (CVE-2017-10209) Note that Nessus has not tested for these issues but has instead relied only on the application |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 101818 |
| published | 2017-07-19 |
| reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/101818 |
| title | Oracle VM VirtualBox 5.1.x < 5.1.24 (July 2017 CPU) |
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.securitytracker.com/id/1038929
- http://www.securityfocus.com/bid/99631
- https://www.exploit-db.com/exploits/42425/
- http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html