cve-2014-0981
Vulnerability from cvelistv5
Published
2014-03-28 21:00
Modified
2024-08-06 09:34
Severity ?
EPSS score ?
Summary
VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:40.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32208",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/32208"
},
{
"name": "GLSA-201612-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-27"
},
{
"name": "57384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57384"
},
{
"name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/531418/100/0/threaded"
},
{
"name": "DSA-2904",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.virtualbox.org/changeset/50437/vbox"
},
{
"name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/95"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32208",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/32208"
},
{
"name": "GLSA-201612-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-27"
},
{
"name": "57384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57384"
},
{
"name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/531418/100/0/threaded"
},
{
"name": "DSA-2904",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.virtualbox.org/changeset/50437/vbox"
},
{
"name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Mar/95"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32208",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32208"
},
{
"name": "GLSA-201612-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-27"
},
{
"name": "57384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57384"
},
{
"name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531418/100/0/threaded"
},
{
"name": "DSA-2904",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2904"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name": "https://www.virtualbox.org/changeset/50437/vbox",
"refsource": "CONFIRM",
"url": "https://www.virtualbox.org/changeset/50437/vbox"
},
{
"name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/95"
},
{
"name": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0981",
"datePublished": "2014-03-28T21:00:00",
"dateReserved": "2014-01-07T00:00:00",
"dateUpdated": "2024-08-06T09:34:40.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB32F058-DDF8-4942-8D40-E3F97E4A44CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6BF7C87-3D44-4BAD-8A13-A0D3CEF6B413\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39A70834-328F-4095-8515-DCF00EB7F41A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9EDA1CE-050F-4386-AC6D-690D4337ACF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"783B92AB-5FAA-43A6-8525-9725289B6785\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7AFC93C-A4AC-4189-B467-07C4CC7D2810\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90379DE6-0E7E-4577-AF55-51801EEC5996\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8405F02F-805E-4472-A6B3-EC7746E25141\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71F68055-FD2D-4B4C-A0C7-EC507D4D82B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C5E21CB-335F-4DE0-A578-C3097E0D5AE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C50DDA06-9C87-494C-B3F4-C8919FB47A27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C652C69-3F7D-4527-9D8B-81C95D2B5194\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0D46897-F49D-4D9A-819A-846F6833F3B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED513E51-2F4F-4CBA-BA4E-0960C76775D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22B0A194-02D5-4F3B-9317-2AB267D7E447\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad en el archivo VBox/GuestHost/OpenGL/util/net.c en Oracle VirtualBox versiones anteriores a 3.2.22, versiones 4.0.x anteriores a 4.0.24, versiones 4.1.x anteriores a 4.1.32, versiones 4.2.x anteriores a 4.2.24 y versiones 4.3.x anteriores a 4.3. 8, cuando se usa la aceleraci\\u00f3n 3D, los usuarios del OS invitado local pueden ejecutar un c\\u00f3digo arbitrario en el servidor Chromium por medio de un puntero de red Chromium dise\\u00f1ado en un mensaje (1) CR_MESSAGE_READBACK o (2) CR_MESSAGE_WRITEBACK hacia el servicio VBoxSharedCrOpenGL, lo que desencadena una desreferencia de puntero arbitraria y la corrupci\\u00f3n de la memoria . NOTA: este problema fue FUSIONADO con el CVE-2014-0982 porque es el mismo tipo de vulnerabilidad afectando al mismo conjunto de versiones. Todos los usuarios de CVE deben hacer referencia a CVE-2014-0981 en lugar de CVE-2014-0982.\"}]",
"id": "CVE-2014-0981",
"lastModified": "2024-11-21T02:03:09.247",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2014-03-31T14:58:35.570",
"references": "[{\"url\": \"http://seclists.org/fulldisclosure/2014/Mar/95\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/57384\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.debian.org/security/2014/dsa-2904\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.exploit-db.com/exploits/32208\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/531418/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201612-27\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.virtualbox.org/changeset/50437/vbox\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Mar/95\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/57384\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.debian.org/security/2014/dsa-2904\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/32208\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/531418/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201612-27\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.virtualbox.org/changeset/50437/vbox\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-0981\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-03-31T14:58:35.570\",\"lastModified\":\"2024-11-21T02:03:09.247\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad en el archivo VBox/GuestHost/OpenGL/util/net.c en Oracle VirtualBox versiones anteriores a 3.2.22, versiones 4.0.x anteriores a 4.0.24, versiones 4.1.x anteriores a 4.1.32, versiones 4.2.x anteriores a 4.2.24 y versiones 4.3.x anteriores a 4.3. 8, cuando se usa la aceleraci\u00f3n 3D, los usuarios del OS invitado local pueden ejecutar un c\u00f3digo arbitrario en el servidor Chromium por medio de un puntero de red Chromium dise\u00f1ado en un mensaje (1) CR_MESSAGE_READBACK o (2) CR_MESSAGE_WRITEBACK hacia el servicio VBoxSharedCrOpenGL, lo que desencadena una desreferencia de puntero arbitraria y la corrupci\u00f3n de la memoria . NOTA: este problema fue FUSIONADO con el CVE-2014-0982 porque es el mismo tipo de vulnerabilidad afectando al mismo conjunto de versiones. Todos los usuarios de CVE deben hacer referencia a CVE-2014-0981 en lugar de CVE-2014-0982.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB32F058-DDF8-4942-8D40-E3F97E4A44CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6BF7C87-3D44-4BAD-8A13-A0D3CEF6B413\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39A70834-328F-4095-8515-DCF00EB7F41A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9EDA1CE-050F-4386-AC6D-690D4337ACF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"783B92AB-5FAA-43A6-8525-9725289B6785\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7AFC93C-A4AC-4189-B467-07C4CC7D2810\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90379DE6-0E7E-4577-AF55-51801EEC5996\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8405F02F-805E-4472-A6B3-EC7746E25141\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71F68055-FD2D-4B4C-A0C7-EC507D4D82B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C5E21CB-335F-4DE0-A578-C3097E0D5AE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C50DDA06-9C87-494C-B3F4-C8919FB47A27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C652C69-3F7D-4527-9D8B-81C95D2B5194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0D46897-F49D-4D9A-819A-846F6833F3B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED513E51-2F4F-4CBA-BA4E-0960C76775D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22B0A194-02D5-4F3B-9317-2AB267D7E447\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2014/Mar/95\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/57384\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.debian.org/security/2014/dsa-2904\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.exploit-db.com/exploits/32208\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/531418/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201612-27\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.virtualbox.org/changeset/50437/vbox\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Mar/95\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/57384\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.debian.org/security/2014/dsa-2904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/32208\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/531418/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201612-27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.virtualbox.org/changeset/50437/vbox\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.