EIP-2026-119610

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119610. PoCs published by Jose Eduardo Castro.

AI-analyzed exploit summary This PoC exploits a Denial of Service (DoS) vulnerability in Oracle VirtualBox Manager 5.2.18 by overflowing the 'Name' attribute field with a large buffer of 'A' characters. The exploit generates a file containing the malicious input, which when pasted into the VirtualBox Manager's storage controller name field, triggers the crash.

Description

Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jose Eduardo Castro · pythondoswindows_x86-64

https://www.exploit-db.com/exploits/45421

View Code ZIP pw:eip

This PoC exploits a Denial of Service (DoS) vulnerability in Oracle VirtualBox Manager 5.2.18 by overflowing the 'Name' attribute field with a large buffer of 'A' characters. The exploit generates a file containing the malicious input, which when pasted into the VirtualBox Manager's storage controller name field, triggers the crash.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Oracle VirtualBox Manager 5.2.18 r124319

No auth needed

Prerequisites: VirtualBox Manager 5.2.18 r124319 installed on Windows 7 Ultimate x64 · A virtual machine in 'power off' state

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)

Exploitation Summary

Description

Exploits (1)

Details