Oracle VM VirtualBox for Windows prior to 7.0.16 - Elevation of Privileges

Alaatk/CVE-2024-21107

CVE-2024-21107

Description:

A vulnerability has been identified in Oracle VM VirtualBox on Windows where the setup fails to set proper access rights for its installation folder if a non-default installation path was chosen during installation. This allows any authenticated local attacker to inject arbitrary code and escalate privileges to the SYSTEM context.

Affected versions

Oracle VM VirtualBox up to 7.0.14

Fixed starting with 7.0.16

Impacted service(s)

Service Name: VBoxSDS (non-default installation path)
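
To check whether a host is exposed to the condition described above, the following added example (not part of the original repository) locates the VBoxSDS binary, reads its version, and lists Allow entries on the install folder and executable that grant write-type rights to broad non-administrative groups. The function name, the choice of SIDs and rights treated as risky, and the assumption that the file version resource mirrors the product version are this example's own.

```powershell
# Added example, not part of the original repository.
# Well-known SIDs of broad, non-administrative principals (locale-independent).
$BroadSids = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'
                'S-1-5-32-545' = 'BUILTIN\Users'; 'S-1-5-4' = 'INTERACTIVE' }
# Rights that allow planting or replacing files, or rewriting the ACL itself.
$rights = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]$rights
$WriteMask = $WriteMask -bor 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE

function Test-VBoxSdsInstallAcl {
    param([string]$ServiceName = 'VBoxSDS')

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { Write-Output "Service $ServiceName not found."; return }

    # PathName may be quoted and may carry arguments; keep only the executable path.
    if ($svc.PathName -notmatch '^\s*"?(.+?\.exe)') {
        Write-Warning "Cannot parse service path '$($svc.PathName)'"; return
    }
    $exe = $Matches[1]
    $dir = Split-Path -Parent $exe

    # Assumption: the file version resource mirrors the product version (7.0.x).
    $vi = (Get-Item -LiteralPath $exe).VersionInfo
    $version = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $findings = foreach ($path in $dir, $exe) {
        (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $BroadSids.ContainsKey($_.IdentityReference.Value) -and
                (([int]$_.FileSystemRights) -band $WriteMask) -ne 0
            } |
            ForEach-Object {
                [pscustomobject]@{ Path = $path; Principal = $BroadSids[$_.IdentityReference.Value]
                                   Rights = $_.FileSystemRights; Inherited = $_.IsInherited }
            }
    }

    [pscustomobject]@{
        Service           = $ServiceName
        RunsAs            = $svc.StartName
        InstallDir        = $dir
        Version           = $version
        BelowFixedVersion = $version -lt [version]'7.0.16'
        UnderProgramFiles = $dir.StartsWith($env:ProgramFiles, [StringComparison]::OrdinalIgnoreCase)
        WritableBy        = @($findings)
    }
}

Test-VBoxSdsInstallAcl | Format-List
```

A host is of concern when `BelowFixedVersion` is true and `WritableBy` is non-empty; upgrading to 7.0.16 or later is the fix the advisory names.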

Discovered by:

  • Alaa Kachouh
  • Ali Jammal of Deloitte Netherlands
