KLA10284 Multiple vulnerabilities in Oracle VirtualBox

2014-07-1700:00:00

Kaspersky Lab

threats.kaspersky.com

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

5.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.3%

JSON

Unspecified vulnerabilities were found in Oracle VirtualBox. By exploiting this vulnerability malicious users can affect integrity, availability and confidentiality. This vulnerability can be exploited remotely via unknown vectors.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Related products

Oracle-VirtualBox

CVE list

CVE-2014-2477 warning

CVE-2014-2487 high

CVE-2014-2486 warning

CVE-2014-2489 warning

CVE-2014-2488 warning

CVE-2014-4261 high

Solution

Update to latest version

Impacts

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Loss of integrity. Exploitation of vulnerabilities with this impact can lead to partial system fault or system components connection disruption.

Affected Products

Oracle VirtualBox versions 3.2.22 and earlierOracle VirtualBox 4.0 versions 4.0.25 and earlierOracle VirtualBox 4.1 versions 4.1.33 and earlierOracle VirtualBox 4.2 versions 4.2.25 and earlierOracle VirtualBox 4.3 versions 4.3.12 and earlier