Showing 1 - 3 of 3

CVE-2014-0981

Status Candidate

Overview

VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.

Related Files

Gentoo Linux Security Advisory 201612-27: Posted Dec 12, 2016; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201612-27 - Multiple vulnerabilities have been found in VirtualBox, the worst of which allows local users to escalate privileges. Versions before 4.3.28 are affected.; tags | advisory, local, vulnerability; systems | linux, gentoo; advisories | CVE-2014-0981, CVE-2014-0983, CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, CVE-2015-0377, CVE-2015-0418, CVE-2015-0427, CVE-2015-3456, CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613; SHA-256 | 8018cb397a0a196ca1155a3ee23c7a87d2f3e59d927afeeae104ca1ff0205aa0; Download | Favorite | View

Debian Security Advisory 2904-1: Posted Apr 15, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2904-1 - Francisco Falcon discovered that missing input sanisiting in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system.; tags | advisory, arbitrary; systems | linux, debian; advisories | CVE-2014-0981, CVE-2014-0983; SHA-256 | 55710322d25bef7d15ba3a2da0ca8209657fed23bc990c607cacab173c065ba2; Download | Favorite | View

Oracle VirtualBox 3D Acceleration Memory Corruption: Posted Mar 11, 2014; Authored by Core Security Technologies, Andres Blanco, Francisco Falcon | Site coresecurity.com; Core Security Technologies Advisory - Multiple memory corruption vulnerabilities have been found in the code that implements 3D Acceleration for OpenGL graphics in Oracle VirtualBox. These vulnerabilities could allow an attacker who is already running code within a Guest OS to escape from the virtual machine and execute arbitrary code on the Host OS.; tags | exploit, arbitrary, vulnerability; advisories | CVE-2014-0981, CVE-2014-0982, CVE-2014-0983; SHA-256 | 21ec84e64e681dcbf21f5213bd3356433798b0d9e50c61ad3431bb54276c747d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 277 files
Ubuntu 101 files
indoushka 44 files
Jasper Nota 25 files
Gentoo 20 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Debian 11 files
Apple 10 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,084)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,580)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,432)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,710)
UNIX (9,432)
UnixWare (187)
Windows (6,668)
Other

CVE-2014-0981

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems