QwikSec

Security Database

CVE

CWE

Training

CVE-2014-0981

Published: Mar 28, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_SECUNIA

20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_DEBIAN

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

x_refsource_CONFIRM

https://www.virtualbox.org/changeset/50437/vbox

x_refsource_CONFIRM

20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities

mailing-list

x_refsource_FULLDISC

http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.