CVE-2015-4523

CRITICAL

Blue Coat Malware Analysis Appliance <4.2.5 & Malware Analyzer G2 <3.5 - RCE via VM Protection Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4523. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits a memory corruption vulnerability in VirtualBox's 3D acceleration feature (CVE-2014-0983) to escape from a guest VM to the host. It uses a sequence of crafted HGCM messages to trigger an out-of-bounds array access and achieve RCE via a ROP chain.

Description

Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows_x86-64
https://www.exploit-db.com/exploits/34334

This Metasploit module exploits a memory corruption vulnerability in VirtualBox's 3D acceleration feature (CVE-2014-0983) to escape from a guest VM to the host. It uses a sequence of crafted HGCM messages to trigger an out-of-bounds array access and achieve RCE via a ROP chain.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Oracle VirtualBox 4.3.6 with 3D acceleration enabled
No auth needed
Prerequisites: Guest VM with VirtualBox Guest Additions installed · 3D acceleration enabled in VM settings · Windows 7 SP1 (64-bit) host
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory x_refsource_confirm
https://bto.bluecoat.com/security-advisory/sa97

Scores

CVSS v3 9.3
EPSS 0.0549
EPSS Percentile 90.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-264
Status published
Products (2)
symantec/malware_analysis_appliance < 4.2
symantec/malware_analyzer_g2 < 3.5
Published Sep 11, 2017
Tracked Since Feb 18, 2026