CVE-2013-0420

Oracle VirtualBox <4.3 Core - Local Integrity and Availability Impact

Title source: manual
STIX 2.1

Description

Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary."

References (6)

Core 6
Core References
Vendor Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html
Exploit, Patch x_refsource_misc
https://www.virtualbox.org/changeset/44055/vbox
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Scores

EPSS 0.0040
EPSS Percentile 32.8%

Details

Status published
Products (8)
opensuse/opensuse 12.1
opensuse/opensuse 12.2
oracle/virtualization 4.0
oracle/virtualization 4.1
oracle/virtualization 4.2
oracle/vm_virtualbox 4.0
oracle/vm_virtualbox 4.1.0
oracle/vm_virtualbox 4.2.0
Published Jan 17, 2013
Tracked Since Feb 18, 2026