Oracle VirtualBox 4.1 < 4.1.22 Task-Gate IDT Call NULL Pointer Dereference Local DoS

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by local
denial of service vulnerabilities.

Description :

The remote host contains a version of Oracle VirtualBox 4.1 before
4.1.22. As such, it is potentially affected by a local denial of
service vulnerability caused by invocation of software interrupt 0x8
from userspace. An attacker with access to the guest VM could leverage
this to cause a denial of service.

See also :

http://www.nessus.org/u?9fa4a738
https://www.virtualbox.org/wiki/Changelog
http://www.nessus.org/u?1cef09be

Solution :

Upgrade to Oracle VirtualBox 4.1.22 / 4.2 or later.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 1.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 62100 ()

Bugtraq ID: 55471
56045

CVE ID: CVE-2012-3221

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now