Oracle VM VirtualBox 3.x / 4.0.x < 4.0.10 Local Integer Overflows

Medium Nessus Plugin ID 62798


The remote Windows host has an application that is affected by two local overflow vulnerabilities.


The remote host contains a version of Oracle VM VirtualBox or Sun xVM VirtualBox 3.0, 3.1, 3.2, or 4.0.x prior to 4.0.10. As such, it is reportedly affected by two vulnerabilities:

- A local user can exploit a flaw in Guest Additions for Windows to gain partial elevated privileges. This issue only affects version 4.0.x. (CVE-2011-2300)

- A local user can exploit an unspecified flaw to gain full control of the target system. (CVE-2011-2305)


Upgrade to Oracle VM VirtualBox 4.0.10 or later.

Plugin Details

Severity: Medium

ID: 62798

File Name: virtualbox_4_0_8.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2012/11/02

Modified: 2012/11/05

Dependencies: 40548

Risk Information

Risk Factor: Medium


Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:vm_virtualbox

Required KB Items: VirtualBox/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/07/19

Vulnerability Publication Date: 2011/07/19

Reference Information

CVE: CVE-2011-2300, CVE-2011-2305

BID: 48781, 48793

OSVDB: 73896, 73897