Beschreibung
Multiple serious vulnerabilities have been found in Oracle VM VirtualBox. Malicious users can exploit these vulnerabilities to cause a denial of service, read and write accesible data and possibly to obtain sensitive information.
Below is a complete list of vulnerabilities:
- Multiple unspecified vulnerabilities in subcomponent Core of Oracle Virtualization component can be exploited remotely possibly to obtain sensitive information;
- Multiple unspecified vulnerabilities in subcomponent Core of Oracle Virtualization component can be exploited remotely to cause a denial of service (it can be either hang or frequently repeatable crash), write to some of Oracle VM VirtualBox accessible data and read a subset of Oracle VM VirtualBox accessible data;
- An unspecified vulnerability in subcomponent Shared Folder of Oracle Virtualization component can be exploited remotely to cause a denial of service (it can be either hang or frequently repeatable crash);
- An unspecified vulnerability in subcomponent Core of Oracle Virtualization component can be exploited remotely to cause a denial of service (it can be either hang or frequently repeatable crash), write to some of Oracle VM VirtualBox accessible data and read a subset of Oracle VM VirtualBox accessible data;
- An unspecified vulnerability in subcomponent Core of Oracle Virtualization component can be exploited remotely to cause a denial of service (it can be either hang or frequently repeatable crash), write to some of Oracle VM VirtualBox accessible data;
- An unspecified vulnerability in subcomponent Core of Oracle Virtualization component can be exploited remotely to read a subset of Oracle VM VirtualBox accessible data.
Technical details
Vulnerabilities (1)-(3) can be exploited by a low privileged user with logon to the infrastructure where OracleVM VirtualBox is executed.
Vulnerabilities (4)-(6) can be exploited by a high privileged user with logon to the infrastructure where OracleVM VirtualBox is executed.
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2017-3575 warning
- CVE-2017-3576 warning
- CVE-2017-3513 warning
- CVE-2017-3587 warning
- CVE-2017-3558 warning
- CVE-2017-3559 warning
- CVE-2017-3561 warning
- CVE-2017-3563 warning
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com