CVE-2014-2441
published 2014-04-16CVE-2014-2441: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to…
medium4.4CVSS 3.1
AVLACMAuNCPIPAP
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | virtualbox-guest-additions-iso | < virtualbox-guest-additions-iso 4.3.10-1 (bookworm) | virtualbox-guest-additions-iso 4.3.10-1 (bookworm) |
| oracle | vm_virtualbox | <= 4.1.30 | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
| oracle | vm_virtualbox | — | — |
CVSS provenance
nvd4.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv4.4MEDIUM
VulDB
Oracle VM VirtualBox up to 4.1.32/4.2.24/4.3.10 Graphics Driver WDDM for Windows Guests Local Privilege Escalation (Nessus ID 73577 / XFDB-92498)
vuldb·2026-05-11·CVSS 4.4
CVE-2014-2441 [MEDIUM] Oracle VM VirtualBox up to 4.1.32/4.2.24/4.3.10 Graphics Driver WDDM for Windows Guests Local Privilege Escalation (Nessus ID 73577 / XFDB-92498)
A vulnerability has been found in Oracle VM VirtualBox up to 4.1.32/4.2.24/4.3.10 and classified as problematic. This impacts an unknown function of the component Graphics Driver WDDM for Windows Guests. This manipulation causes Local Privilege Escalation.
This vulnerability is tracked as CVE-2014-2441. The attack is restricted to local execution. No exploit exists.
The affected component should be upgraded.
GHSA
GHSA-pv64-424f-qw9m: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4
ghsa_unreviewed·2022-05-17
CVE-2014-2441 [MEDIUM] GHSA-pv64-424f-qw9m: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.
OSV
CVE-2014-2441: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4
osv·2014-04-16·CVSS 4.4
CVE-2014-2441 [MEDIUM] CVE-2014-2441: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.
Debian
CVE-2014-2441: virtualbox-guest-additions-iso - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
vendor_debian·2014·CVSS 4.4
CVE-2014-2441 [MEDIUM] CVE-2014-2441: virtualbox-guest-additions-iso - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtua...
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.
Scope: local
bookworm: resolved (fixed in 4.3.10-1)
bullseye: resolved (fixed in 4.3.10-1)
forky: resolved (fixed in 4.3.10-1)
sid: resolved (fixed in 4.3.10-1)
trixie: resolved (fixed in 4.3.10-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-04-16
Published