CVE-2015-4523

Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape

  • Severity Score: 9.3 (CVSS v3)

  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis.

*Credits: N/A
CVSS Scores

CVSS v3 metrics
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS v2 metrics
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Complete

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2014-08-14 First Exploit
  • 2015-06-11 CVE Reserved
  • 2017-09-11 CVE Published
  • 2024-04-14 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
Affected Vendors, Products, and Versions

Vendor   | Product                    | Version | Other | Status
Symantec | Malware Analysis Appliance | <= 4.2  | -     | Affected
Symantec | Malware Analyzer G2        | <= 3.5  | -     | Affected