Oracle VM VirtualBox 3.x / 4.0.x < 4.0.10 Local Integer Overflows
Medium Nessus Plugin ID 62798
SynopsisThe remote Windows host has an application that is affected by two local overflow vulnerabilities.
DescriptionThe remote host contains a version of Oracle VM VirtualBox or Sun xVM VirtualBox 3.0, 3.1, 3.2, or 4.0.x prior to 4.0.10. As such, it is reportedly affected by two vulnerabilities :
- A local user can exploit a flaw in Guest Additions for Windows to gain partial elevated privileges. This issue only affects version 4.0.x. (CVE-2011-2300)
- A local user can exploit an unspecified flaw to gain full control of the target system. (CVE-2011-2305)
SolutionUpgrade to Oracle VM VirtualBox 4.0.10 or later.