CVE-2014-2477

Oracle VM VirtualBox <4.3.12 - Unknown

Title source: llm

Description

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/34333

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/virtual_box_guest_additions.rb

View Code ZIP pw:eip

References (6)

[Mailing List] http://seclists.org/fulldisclosure/2014/Dec/23

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/534161/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/68613

[Vendor Advisory] http://www.vmware.com/security/advisories/VMSA-2014-0012.html

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/34333

Scores

EPSS 0.0749

EPSS Percentile 91.8%

Details

Status published

Products (50)

oracle/vm_virtualbox 4.0

oracle/vm_virtualbox 4.0.0

oracle/vm_virtualbox 4.0.2

oracle/vm_virtualbox 4.0.4

oracle/vm_virtualbox 4.0.6

oracle/vm_virtualbox 4.0.8

oracle/vm_virtualbox 4.0.10

oracle/vm_virtualbox 4.0.12

oracle/vm_virtualbox 4.0.14

oracle/vm_virtualbox 4.0.16

... and 40 more

Published Jul 17, 2014

Tracked Since Feb 18, 2026