ZDI-24-412: (Pwn2Own) Oracle VirtualBox VirtIOCore Buffer Overflow Local Privilege Escalation Vulnerability | allinfosecnews.com

April 26, 2024, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21114.

attacker attackers buffer buffer overflow code cves cvss escalation exploit high local local privilege escalation oracle oracle virtualbox order overflow privilege privileged privilege escalation privileges pwn2own rating system target virtualbox vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-469: Avira Prime Link Following Local Privilege Escalation Vulnerability 1 day, 17 hours ago | www.zerodayinitiative.com

attacker attackers avira code +20

ZDI-24-468: Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability 1 day, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +16

ZDI-24-467: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability 1 day, 17 hours ago | www.zerodayinitiative.com

arbitrary code attack attackers attack vectors +21

ZDI-24-466: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-465: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-464: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-463: Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability 1 day, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-462: Siemens Simcenter Femap IGS File Parsing Type Confusion Remote Code Execution Vulnerability 1 day, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

ZDI-24-461: Siemens Simcenter Femap IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability 1 day, 17 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +14

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Security Operations Manager-West Coast

@ The Walt Disney Company | USA - CA - 2500 Broadway Street

View on infosec-jobs.com

Vulnerability Analyst - Remote (WFH)

@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US

View on infosec-jobs.com

Senior Mainframe Security Administrator

@ Danske Bank | Copenhagen V, Denmark

View on infosec-jobs.com