CVE-2014-0981 (GCVE-0-2014-0981)

Vulnerability from cvelistv5 – Published: 2014-03-28 21:00 – Updated: 2024-08-06 09:34
VLAI?
Summary
VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:34:40.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32208",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/32208"
          },
          {
            "name": "GLSA-201612-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-27"
          },
          {
            "name": "57384",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57384"
          },
          {
            "name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/531418/100/0/threaded"
          },
          {
            "name": "DSA-2904",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2904"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.virtualbox.org/changeset/50437/vbox"
          },
          {
            "name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Mar/95"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption.  NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32208",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/32208"
        },
        {
          "name": "GLSA-201612-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201612-27"
        },
        {
          "name": "57384",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57384"
        },
        {
          "name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/531418/100/0/threaded"
        },
        {
          "name": "DSA-2904",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2904"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.virtualbox.org/changeset/50437/vbox"
        },
        {
          "name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Mar/95"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-0981",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption.  NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32208",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/32208"
            },
            {
              "name": "GLSA-201612-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201612-27"
            },
            {
              "name": "57384",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57384"
            },
            {
              "name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/531418/100/0/threaded"
            },
            {
              "name": "DSA-2904",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2904"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
            },
            {
              "name": "https://www.virtualbox.org/changeset/50437/vbox",
              "refsource": "CONFIRM",
              "url": "https://www.virtualbox.org/changeset/50437/vbox"
            },
            {
              "name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Mar/95"
            },
            {
              "name": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-0981",
    "datePublished": "2014-03-28T21:00:00",
    "dateReserved": "2014-01-07T00:00:00",
    "dateUpdated": "2024-08-06T09:34:40.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB32F058-DDF8-4942-8D40-E3F97E4A44CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6BF7C87-3D44-4BAD-8A13-A0D3CEF6B413\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39A70834-328F-4095-8515-DCF00EB7F41A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9EDA1CE-050F-4386-AC6D-690D4337ACF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"783B92AB-5FAA-43A6-8525-9725289B6785\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7AFC93C-A4AC-4189-B467-07C4CC7D2810\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90379DE6-0E7E-4577-AF55-51801EEC5996\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8405F02F-805E-4472-A6B3-EC7746E25141\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71F68055-FD2D-4B4C-A0C7-EC507D4D82B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C5E21CB-335F-4DE0-A578-C3097E0D5AE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C50DDA06-9C87-494C-B3F4-C8919FB47A27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C652C69-3F7D-4527-9D8B-81C95D2B5194\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0D46897-F49D-4D9A-819A-846F6833F3B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED513E51-2F4F-4CBA-BA4E-0960C76775D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22B0A194-02D5-4F3B-9317-2AB267D7E447\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption.  NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad en el archivo VBox/GuestHost/OpenGL/util/net.c en Oracle VirtualBox versiones anteriores a 3.2.22, versiones 4.0.x anteriores a  4.0.24, versiones 4.1.x anteriores a  4.1.32, versiones 4.2.x anteriores a 4.2.24 y versiones 4.3.x anteriores a  4.3. 8, cuando se usa la aceleraci\\u00f3n 3D, los usuarios del OS invitado local pueden ejecutar un c\\u00f3digo arbitrario en el servidor Chromium por medio de un puntero de red Chromium dise\\u00f1ado en un mensaje (1) CR_MESSAGE_READBACK o (2) CR_MESSAGE_WRITEBACK hacia el servicio VBoxSharedCrOpenGL, lo que desencadena una desreferencia de puntero arbitraria y la corrupci\\u00f3n de la memoria . NOTA: este problema fue FUSIONADO con el CVE-2014-0982 porque es el mismo tipo de vulnerabilidad afectando al mismo conjunto de versiones. Todos los usuarios de CVE deben hacer referencia a CVE-2014-0981 en lugar de CVE-2014-0982.\"}]",
      "id": "CVE-2014-0981",
      "lastModified": "2024-11-21T02:03:09.247",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-03-31T14:58:35.570",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2014/Mar/95\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/57384\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.debian.org/security/2014/dsa-2904\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.exploit-db.com/exploits/32208\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/531418/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201612-27\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.virtualbox.org/changeset/50437/vbox\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Mar/95\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/57384\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.debian.org/security/2014/dsa-2904\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/32208\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/531418/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201612-27\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.virtualbox.org/changeset/50437/vbox\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-0981\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-03-31T14:58:35.570\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption.  NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad en el archivo VBox/GuestHost/OpenGL/util/net.c en Oracle VirtualBox versiones anteriores a 3.2.22, versiones 4.0.x anteriores a  4.0.24, versiones 4.1.x anteriores a  4.1.32, versiones 4.2.x anteriores a 4.2.24 y versiones 4.3.x anteriores a  4.3. 8, cuando se usa la aceleraci\u00f3n 3D, los usuarios del OS invitado local pueden ejecutar un c\u00f3digo arbitrario en el servidor Chromium por medio de un puntero de red Chromium dise\u00f1ado en un mensaje (1) CR_MESSAGE_READBACK o (2) CR_MESSAGE_WRITEBACK hacia el servicio VBoxSharedCrOpenGL, lo que desencadena una desreferencia de puntero arbitraria y la corrupci\u00f3n de la memoria . NOTA: este problema fue FUSIONADO con el CVE-2014-0982 porque es el mismo tipo de vulnerabilidad afectando al mismo conjunto de versiones. Todos los usuarios de CVE deben hacer referencia a CVE-2014-0981 en lugar de CVE-2014-0982.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB32F058-DDF8-4942-8D40-E3F97E4A44CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6BF7C87-3D44-4BAD-8A13-A0D3CEF6B413\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39A70834-328F-4095-8515-DCF00EB7F41A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9EDA1CE-050F-4386-AC6D-690D4337ACF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"783B92AB-5FAA-43A6-8525-9725289B6785\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7AFC93C-A4AC-4189-B467-07C4CC7D2810\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90379DE6-0E7E-4577-AF55-51801EEC5996\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8405F02F-805E-4472-A6B3-EC7746E25141\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71F68055-FD2D-4B4C-A0C7-EC507D4D82B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C5E21CB-335F-4DE0-A578-C3097E0D5AE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C50DDA06-9C87-494C-B3F4-C8919FB47A27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C652C69-3F7D-4527-9D8B-81C95D2B5194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0D46897-F49D-4D9A-819A-846F6833F3B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED513E51-2F4F-4CBA-BA4E-0960C76775D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22B0A194-02D5-4F3B-9317-2AB267D7E447\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2014/Mar/95\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/57384\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.debian.org/security/2014/dsa-2904\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.exploit-db.com/exploits/32208\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/531418/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201612-27\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.virtualbox.org/changeset/50437/vbox\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Mar/95\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/57384\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.debian.org/security/2014/dsa-2904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/32208\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/531418/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201612-27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.virtualbox.org/changeset/50437/vbox\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.