CVE-2017-3561 Oracle VM VirtualBox Multiple Vulnerabilities.

漏洞类别:Local

漏洞等级:

漏洞信息

VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use.

Multiple vulnerabilities were reported in Oracle VM VirtualBox. A local user can cause denial of service conditions on the target system. A local user can access and modify data on the target system. A local user can obtain elevated privileges on the target system.
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to gain elevated privileges [CVE-2017-3561, CVE-2017-3563, CVE-2017-3576].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service [CVE-2017-3558].
A local user can exploit a flaw in the Oracle VM VirtualBox Shared Folder component to modify data and cause denial of service conditions [CVE-2017-3587].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service [CVE-2017-3559].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to modify data and cause denial of service conditions [CVE-2017-3575].
A local user can exploit a flaw in the Oracle VM VirtualBox Shared Folder component to access and modify data [CVE-2017-3538].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data [CVE-2017-3513].

Affected Versions :
Oracle VM VirtualBox prior to 5.0.38, prior to 5.1.20

漏洞危害

A local user can cause denial of service conditions on the target system.
A local user can obtain data on the target system.
A local user can obtain elevated privileges on the target system.
A local user can modify data on the target system.

解决方案

The vendor has issued a fix (5.0.38, 5.1.20). Download latest version from here.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Oracle VM VirtualBox: Windows

0day

发表评论