The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-08-05 19:41
Updated : 2023-12-10 10:51
NVD link : CVE-2008-3431
Mitre link : CVE-2008-3431
CVE.ORG link : CVE-2008-3431
JSON object : View
Products Affected
sun
- xvm_virtualbox
CWE
CWE-264
Permissions, Privileges, and Access Controls