CVE-2015-6923

VBox Communications Satellite Express Protocol <2.3.17.3 - Privileg...

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6923. PoCs published by KoreLogic.

AI-analyzed exploit summary This is a detailed vulnerability writeup for CVE-2015-6923, describing an arbitrary write privilege escalation in VBox Satellite Express due to a write-what-where condition in the ndvbs module. It includes crash analysis and technical details but does not contain executable exploit code.

Description

The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.

Exploits (1)

exploitdb WRITEUP
by KoreLogic · textdoswindows
https://www.exploit-db.com/exploits/38225

This is a detailed vulnerability writeup for CVE-2015-6923, describing an arbitrary write privilege escalation in VBox Satellite Express due to a write-what-where condition in the ndvbs module. It includes crash analysis and technical details but does not contain executable exploit code.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Complex
Reliability
Theoretical
Target: VBox Satellite Express Protocol 2.3.17.3
No auth needed
Prerequisites: Access to the vulnerable driver via IOCTL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Sep/72
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38225/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536491/100/0/threaded

Scores

EPSS 0.0092
EPSS Percentile 55.6%

Details

Status published
Products (1)
vboxcomm/satellite_express_protocol 2.3.17.3
Published Sep 21, 2015
Tracked Since Feb 18, 2026