Oracle VM VirtualBox < 3.2.24 / 4.0.26 / 4.1.34 / 4.2.26 / 4.3.14 Multiple Unspecified Vulnerabilities

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by multiple
unspecified vulnerabilities.

Description :

The remote host contains a version of Oracle VM VirtualBox that is
prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26 or 4.3.14. It is, therefore,
affected by the following vulnerabilities :

- An unspecified flaw relating to the Core subcomponent
that may allow a local attacker to gain elevated
privileges. (CVE-2014-2487, CVE-2014-4261)

- An unspecified flaw relating to the Core subcomponent
that may allow a local attacker to have an impact on
integrity and availability.
(CVE-2014-2486, CVE-2014-2477, CVE-2014-2489)

- An unspecified flaw relating to the Core subcomponent
that may allow a local attacker to gain access to
sensitive information. (CVE-2014-2488)

- An unspecified flaw relating to the Graphics driver
for Windows guests that may allow a local attacker to
have an impact on confidentiality, integrity, and
availability. (CVE-2014-4228)

See also :

http://www.nessus.org/u?e39c574a
https://www.virtualbox.org/wiki/Changelog

Solution :

Upgrade Oracle VM VirtualBox to 3.2.24 / 4.0.26 / 4.1.34 / 4.2.26 /
4.3.14 or later.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.4
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now