CVE-2014-0981

Description

VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.

Risk Information

Base Score

7.8

MODERATE

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

6.475

Associated Vulnerability

Vulnerability	OS Platform
Update VM VirtualBox 4.3.6 to latest version	Windows
Vulnerabilities CVE-2014-0981,CVE-2014-2441,CVE-2014-4228,CVE-2015-0377 are affected in Oracle VM VirtualBox 4.4	Windows
virtualbox security update(DSA-3454-1) virtualbox_4.3.36-dfsg-1+deb8u1_i386.deb	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-342239	Oracle VM VirtualBox (7.1.4)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234