ID CVE-2014-4261
Summary Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.
References
Vulnerable Configurations
  • Oracle VM VirtualBox 4.0
    cpe:2.3:a:oracle:vm_virtualbox:4.0
  • Oracle VM VirtualBox 4.0.0
    cpe:2.3:a:oracle:vm_virtualbox:4.0.0
  • Oracle VM VirtualBox 4.0.2
    cpe:2.3:a:oracle:vm_virtualbox:4.0.2
  • Oracle VM VirtualBox 4.0.4
    cpe:2.3:a:oracle:vm_virtualbox:4.0.4
  • Oracle VM VirtualBox 4.0.6
    cpe:2.3:a:oracle:vm_virtualbox:4.0.6
  • Oracle VM VirtualBox 4.0.8
    cpe:2.3:a:oracle:vm_virtualbox:4.0.8
  • Oracle VM VirtualBox 4.0.10
    cpe:2.3:a:oracle:vm_virtualbox:4.0.10
  • Oracle VM VirtualBox 4.0.12
    cpe:2.3:a:oracle:vm_virtualbox:4.0.12
  • Oracle VM VirtualBox 4.0.14
    cpe:2.3:a:oracle:vm_virtualbox:4.0.14
  • Oracle VM VirtualBox 4.0.16
    cpe:2.3:a:oracle:vm_virtualbox:4.0.16
  • Oracle VM VirtualBox 4.0.18
    cpe:2.3:a:oracle:vm_virtualbox:4.0.18
  • Oracle VM VirtualBox 4.0.20
    cpe:2.3:a:oracle:vm_virtualbox:4.0.20
  • Oracle VM VirtualBox 4.0.22
    cpe:2.3:a:oracle:vm_virtualbox:4.0.22
  • Oracle VM VirtualBox 4.0.24
    cpe:2.3:a:oracle:vm_virtualbox:4.0.24
  • Oracle VM VirtualBox 3.2
    cpe:2.3:a:oracle:vm_virtualbox:3.2
  • Oracle VM VirtualBox 3.2.0
    cpe:2.3:a:oracle:vm_virtualbox:3.2.0
  • Oracle VM VirtualBox 3.2.2
    cpe:2.3:a:oracle:vm_virtualbox:3.2.2
  • Oracle VM VirtualBox 3.2.4
    cpe:2.3:a:oracle:vm_virtualbox:3.2.4
  • Oracle VM VirtualBox 3.2.6
    cpe:2.3:a:oracle:vm_virtualbox:3.2.6
  • Oracle VM VirtualBox 3.2.8
    cpe:2.3:a:oracle:vm_virtualbox:3.2.8
  • Oracle VM VirtualBox 3.2.10
    cpe:2.3:a:oracle:vm_virtualbox:3.2.10
  • Oracle VM VirtualBox 3.2.12
    cpe:2.3:a:oracle:vm_virtualbox:3.2.12
  • Oracle VM VirtualBox 3.2.14
    cpe:2.3:a:oracle:vm_virtualbox:3.2.14
  • Oracle VM VirtualBox 3.2.16
    cpe:2.3:a:oracle:vm_virtualbox:3.2.16
  • Oracle VM VirtualBox 3.2.18
    cpe:2.3:a:oracle:vm_virtualbox:3.2.18
  • Oracle VM VirtualBox 3.2.20
    cpe:2.3:a:oracle:vm_virtualbox:3.2.20
  • Oracle VM VirtualBox 3.2.22
    cpe:2.3:a:oracle:vm_virtualbox:3.2.22
  • Oracle VM VirtualBox 4.3.0
    cpe:2.3:a:oracle:vm_virtualbox:4.3.0
  • Oracle VM VirtualBox 4.3.2
    cpe:2.3:a:oracle:vm_virtualbox:4.3.2
  • Oracle VM VirtualBox 4.3.4
    cpe:2.3:a:oracle:vm_virtualbox:4.3.4
  • Oracle VM VirtualBox 4.3.6
    cpe:2.3:a:oracle:vm_virtualbox:4.3.6
  • Oracle VM VirtualBox 4.3.8
    cpe:2.3:a:oracle:vm_virtualbox:4.3.8
  • Oracle VM VirtualBox 4.3.10
    cpe:2.3:a:oracle:vm_virtualbox:4.3.10
  • Oracle VM VirtualBox 4.3.12
    cpe:2.3:a:oracle:vm_virtualbox:4.3.12
  • Oracle VM VirtualBox 4.2.0
    cpe:2.3:a:oracle:vm_virtualbox:4.2.0
  • Oracle VM VirtualBox 4.2.2
    cpe:2.3:a:oracle:vm_virtualbox:4.2.2
  • Oracle VM VirtualBox 4.2.4
    cpe:2.3:a:oracle:vm_virtualbox:4.2.4
  • Oracle VM VirtualBox 4.2.6
    cpe:2.3:a:oracle:vm_virtualbox:4.2.6
  • Oracle VM VirtualBox 4.2.8
    cpe:2.3:a:oracle:vm_virtualbox:4.2.8
  • Oracle VM VirtualBox 4.2.10
    cpe:2.3:a:oracle:vm_virtualbox:4.2.10
  • Oracle VM VirtualBox 4.2.12
    cpe:2.3:a:oracle:vm_virtualbox:4.2.12
  • Oracle VM VirtualBox 4.2.14
    cpe:2.3:a:oracle:vm_virtualbox:4.2.14
  • Oracle VM VirtualBox 4.2.16
    cpe:2.3:a:oracle:vm_virtualbox:4.2.16
  • Oracle VM VirtualBox 4.2.18
    cpe:2.3:a:oracle:vm_virtualbox:4.2.18
  • Oracle VM VirtualBox 4.2.20
    cpe:2.3:a:oracle:vm_virtualbox:4.2.20
  • Oracle VM VirtualBox 4.2.22
    cpe:2.3:a:oracle:vm_virtualbox:4.2.22
  • Oracle VM VirtualBox 4.2.24
    cpe:2.3:a:oracle:vm_virtualbox:4.2.24
  • Oracle VM VirtualBox 4.1.0
    cpe:2.3:a:oracle:vm_virtualbox:4.1.0
  • Oracle VM VirtualBox 4.1.2
    cpe:2.3:a:oracle:vm_virtualbox:4.1.2
  • Oracle Vm Virtualbox 4.1.4
    cpe:2.3:a:oracle:vm_virtualbox:4.1.4
  • Oracle VM VirtualBox 4.1.6
    cpe:2.3:a:oracle:vm_virtualbox:4.1.6
  • Oracle VM VirtualBox 4.1.8
    cpe:2.3:a:oracle:vm_virtualbox:4.1.8
  • Oracle VM VirtualBox 4.1.10
    cpe:2.3:a:oracle:vm_virtualbox:4.1.10
  • Oracle VM VirtualBox 4.1.12
    cpe:2.3:a:oracle:vm_virtualbox:4.1.12
  • Oracle VM VirtualBox 4.1.14
    cpe:2.3:a:oracle:vm_virtualbox:4.1.14
  • Oracle VM VirtualBox 4.1.16
    cpe:2.3:a:oracle:vm_virtualbox:4.1.16
  • Oracle VM VirtualBox 4.1.18
    cpe:2.3:a:oracle:vm_virtualbox:4.1.18
  • Oracle VM VirtualBox 4.1.20
    cpe:2.3:a:oracle:vm_virtualbox:4.1.20
  • Oracle VM VirtualBox 4.1.22
    cpe:2.3:a:oracle:vm_virtualbox:4.1.22
  • Oracle VM VirtualBox 4.1.24
    cpe:2.3:a:oracle:vm_virtualbox:4.1.24
  • Oracle VM VirtualBox 4.1.26
    cpe:2.3:a:oracle:vm_virtualbox:4.1.26
  • Oracle VM VirtualBox 4.1.28
    cpe:2.3:a:oracle:vm_virtualbox:4.1.28
  • Oracle VM VirtualBox 4.1.30
    cpe:2.3:a:oracle:vm_virtualbox:4.1.30
  • Oracle VM VirtualBox 4.1.32
    cpe:2.3:a:oracle:vm_virtualbox:4.1.32
CVSS
Base: 6.9 (as of 17-07-2014 - 12:43)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family Windows
NASL id VIRTUALBOX_4_3_14.NASL
description The remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26 or 4.3.14. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw relating to the Core subcomponent that may allow a local attacker to gain elevated privileges. (CVE-2014-2487, CVE-2014-4261) - An unspecified flaw relating to the Core subcomponent that may allow a local attacker to have an impact on integrity and availability. (CVE-2014-2486, CVE-2014-2477, CVE-2014-2489) - An unspecified flaw relating to the Core subcomponent that may allow a local attacker to gain access to sensitive information. (CVE-2014-2488) - An unspecified flaw relating to the Graphics driver for Windows guests that may allow a local attacker to have an impact on confidentiality, integrity, and availability. (CVE-2014-4228)
last seen 2019-02-21
modified 2018-11-15
plugin id 76536
published 2014-07-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=76536
title Oracle VM VirtualBox < 3.2.24 / 4.0.26 / 4.1.34 / 4.2.26 / 4.3.14 Multiple Unspecified Vulnerabilities
refmap via4
bid 68588
bugtraq 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
confirm
fulldisc 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
xf oracle-cpujul2014-cve20144261(94612)
Last major update 11-12-2014 - 22:03
Published 17-07-2014 - 07:17
Last modified 09-10-2018 - 15:48
Back to Top