CVE-2008-3431
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- July 31, 2008
- Published Date
- August 05, 2008
- Last Updated
- February 10, 2025
- Vendor
- Sun
- Product
- xVM VirtualBox
- Description
- The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
- Tags
- Exploitation
- active
- Technical Impact
- total
- Exploited in the Wild
- Yes (2022-03-03 00:00:00 UTC) Source
cisa
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS v2.0
7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
SSVC Information
Exploit Status
References
http://www.securityfocus.com/bid/30481
http://securityreason.com/securityalert/4107
https://www.exploit-db.com/exploits/6218
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240095-1
http://secunia.com/advisories/31361
http://www.coresecurity.com/content/virtualbox-privilege-escalation-vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/44202
http://www.vupen.com/english/advisories/2008/2293
http://virtualbox.org/wiki/Changelog
http://securitytracker.com/id?1020625
http://www.securityfocus.com/archive/1/495095/100/0/threaded
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-03 00:00:00 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel