Detections
Analytics
Oracle VM VirtualBox 3.x / 4.0.x < 4.0.10 Local Integer Overflows
medium Nessus Plugin ID 62798
Language:
Synopsis
The remote Windows host has an application that is affected by two local overflow vulnerabilities.Description
The remote host contains a version of Oracle VM VirtualBox or Sun xVM VirtualBox 3.0, 3.1, 3.2, or 4.0.x prior to 4.0.10. As such, it is reportedly affected by two vulnerabilities :- A local user can exploit a flaw in Guest Additions for Windows to gain partial elevated privileges. This issue only affects version 4.0.x. (CVE-2011-2300)
- A local user can exploit an unspecified flaw to gain full control of the target system. (CVE-2011-2305)
Solution
Upgrade to Oracle VM VirtualBox 4.0.10 or later.See Also
http://www.nessus.org/u?1fd9a198
Plugin Details
Severity: Medium
ID: 62798
File Name: virtualbox_4_0_8.nasl
Version: 1.5
Type: Local
Agent: windows
Family: Windows
Published: 11/2/2012
Updated: 5/5/2026
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.2
Temporal Score: 4.6
Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2011-2305
Vulnerability Information
CPE: cpe:/a:oracle:vm_virtualbox
Required KB Items: installed_sw/Oracle VM VirtualBox
Exploit Ease: No known exploits are available
Patch Publication Date: 7/19/2011
Vulnerability Publication Date: 7/19/2011
Reference Information
CVE: CVE-2011-2300, CVE-2011-2305