Oracle VM VirtualBox < 3.2.22 / 4.0.24 / 4.1.32 / 4.2.24 / 4.3.8 Multiple Memory Corruption

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by multiple memory
corruption vulnerabilities.

Description :

The remote host contains a version of Oracle VM VirtualBox that is
3.2.x prior to 3.2.22, 4.0.x prior to 4.0.24, 4.1.x prior to 4.1.32,
4.2.x prior to 4.2.24, or 4.3.x prior to 4.3.8. It is, therefore,
potentially affected by the following vulnerabilities :

- An input validation error exists in the function
'crNetRecvReadback' in the file
'GuestHost/OpenGL/util/net.c' related to handling
CR_MESSAGE_READBACK and CR_MESSAGE_WRITEBACK messages
that could allow memory corruption leading to
application crashes and possibly arbitrary code
execution. (CVE-2014-0981)

- An input validation error exists related to the
Chromium server and the handling of
CR_VERTEXATTRIB4NUBARB_OPCODE messages that could allow
memory corruption leading to application crashes and
possibly arbitrary code execution. (CVE-2014-0983)

See also :

http://www.nessus.org/u?a1d0f576
http://www.nessus.org/u?23999f63
https://www.virtualbox.org/wiki/Changelog

Solution :

Upgrade Oracle VM VirtualBox to 3.2.22 / 4.0.24 / 4.1.32 / 4.2.24 /
4.3.8 or later.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 72985

Bugtraq ID: 66131, 66132, 66133

CVE ID: CVE-2014-0981, CVE-2014-0983
