CVE-2019-2721

HIGH

Oracle VM VirtualBox <6.0.6 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-2721. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit leverages the VirtualBox COM RPC interface to inject and execute arbitrary code in a hardened VirtualBox process on Windows, leading to local privilege escalation. It abuses the IRundown interface's DoCallback method to execute ExitProcess with a custom exit code.

Description

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/46747

View Code ZIP pw:eip

The exploit leverages the VirtualBox COM RPC interface to inject and execute arbitrary code in a hardened VirtualBox process on Windows, leading to local privilege escalation. It abuses the IRundown interface's DoCallback method to execute ExitProcess with a custom exit code.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809

No auth needed

Prerequisites: VirtualBox process PID · Windows 10 1809 x64 environment · Debug symbols for combase.dll (optional)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_misc

http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46747/

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html

Scores

CVSS v3 8.8

EPSS 0.0223

EPSS Percentile 80.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (1)

oracle/vm_virtualbox < 5.2.28

Published Apr 23, 2019

Tracked Since Feb 18, 2026