CVE-2014-2477 – VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation

https://notcve.org/view.php?id=CVE-2014-2477

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486. Vulnerabilidad no especificada en el componente Oracle VM VirtualBox en Oracle Virtualization VirtualBox en versiones anteriores a 3.2.24, 4.0.26, 4.1.34, 4.2.26 y 4.3.12 permite a usuarios locales afectar la integridad y la disponibilidad a través de vectores desconocidos relacionados con Core, una vulnerabilidad diferente a CVE-2014-2486. A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested with VBoxGuest Additions up to 4.3.10r93012. • https://www.exploit-db.com/exploits/34333 http://seclists.org/fulldisclosure/2014/Dec/23 http://www.exploit-db.com/exploits/34333 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68613 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://www.korelogic.com/Resources/Advisories/KL-001-2014-001.txt https://raw.githubusercontent.com/rapid7/metasploit-f •