Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0981Oracle VM Virtualbox vulnerability

CWE-3996 documents6 sources
Severity
4.4MEDIUMNVD
EPSS
6.5%
top 8.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SUN VirtualboxOracle VM Virtualbox
Timeline
PublishedMar 31
Latest updateMay 14

Description

VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

NVDoracle/vm_virtualbox15 versions+14
Ubuntusun/virtualbox< 4.3.10-dfsg-1

🔴Vulnerability Details

3
GHSA
GHSA-jg2m-q6h3-v5jg: VBox/GuestHost/OpenGL/util/net2022-05-14
OSV
CVE-2014-0981: VBox/GuestHost/OpenGL/util/net2014-03-31
CVEList
CVE-2014-0981: VBox/GuestHost/OpenGL/util/net2014-03-28

💥Exploits & PoCs

1
Exploit-DB
Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities2014-03-12

📋Vendor Advisories

1
Debian
CVE-2014-0981: virtualbox - VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x befor...2014
CVE-2014-0981 — Oracle VM Virtualbox vulnerability | cvebase