1. CVE-Search
  2. CVE-2014-0981
ID CVE-2014-0981
Summary VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*
CVSS
Base: 4.4 (as of 09-10-2018 - 19:42)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities
confirm
debian DSA-2904
exploit-db 32208
fulldisc 20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities
gentoo GLSA-201612-27
misc http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
secunia 57384
Last major update 09-10-2018 - 19:42
Published 31-03-2014 - 14:58
Last modified 09-10-2018 - 19:42
Back to Top