CVE-2017-3316

HIGH

Oracle VM VirtualBox < 5.0.32 and < 5.1.14 - Remote Code Execution via GUI Subcomponent

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-3316. PoCs published by Wolfgang Hotwagner.

AI-analyzed exploit summary This exploit demonstrates a privilege escalation vulnerability in VirtualBox (CVE-2017-3316) where a malicious Extension-Pack can be delivered via MITM to execute a reverse root shell. The PoC includes a setuid executable and a modified Extension-Pack module to achieve code execution.

Description

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts).

Exploits (1)

exploitdb WORKING POC
by Wolfgang Hotwagner · textlocallinux
https://www.exploit-db.com/exploits/41196

This exploit demonstrates a privilege escalation vulnerability in VirtualBox (CVE-2017-3316) where a malicious Extension-Pack can be delivered via MITM to execute a reverse root shell. The PoC includes a setuid executable and a modified Extension-Pack module to achieve code execution.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Oracle VirtualBox prior to 5.0.32, prior to 5.1.14
No auth needed
Prerequisites: MITM position to intercept Extension-Pack updates · Victim must initiate an Extension-Pack update
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201702-08
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41196/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95579
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037638

Scores

CVSS v3 8.4
EPSS 0.0696
EPSS Percentile 93.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-20
Status published
Products (4)
Oracle/VM VirtualBox prior to 5.0.32
Oracle/VM VirtualBox prior to 5.1.14
oracle/vm_virtualbox 5.0.30
oracle/vm_virtualbox 5.1.12
Published Jan 27, 2017
Tracked Since Feb 18, 2026