Oracle VirtualBox Insufficient Input Validation Vulnerability

An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code...

Sun xVM privilege escalation

VBoxDrv.sys driver kernel mode code execution...

Sun xVM VirtualBox 'VBoxDrv.sys'本地特权提升漏洞

BUGTRAQ ID: 30481 CVE ID:CVE-2008-3431 CNCVE ID：CNCVE-20083431 Sun xVM VirtualBox是一款功能强大的虚拟机程序。 Sun xVM VirtualBox存在设计错误，本地攻击者可以利用漏洞提升特权。 当处理部分IOCTLs时VBoxDrv.sys驱动中存在错误，可导致在受影响宿主上以内核进程权限执行任意指令。...

CVE-2008-3431

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHODNEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \.\VBoxDrv device and...

CVE-2008-3431

CVE-2008-3431 affects Sun xVM VirtualBox on Windows prior to 1.6.4. The VBoxDrv.sys driver handles IOCTLs with METHOD_NEITHER and fails to validate the user-supplied buffer, enabling a local unprivileged user to craft a kernel address and gain kernel privileges by calling DeviceIoControl to the ....