ID CVE-2016-0602
Summary Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."
References
Vulnerable Configurations
  • Oracle VM VirtualBox 5.0.12
    cpe:2.3:a:oracle:vm_virtualbox:5.0.12
CVSS
Base: 6.2 (as of 08-06-2016 - 10:26)
Impact:
Exploitability:
Access
  Vector: LOCAL
  Complexity: HIGH
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
nessus via4
NASL family Misc.
NASL id VIRTUALBOX_5_0_14.NASL
description The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.14. It is, therefore, affected by the following vulnerabilities:
  - An unspecified vulnerability exists in the Core subcomponent that allows a remote attacker to affect the availability of the system. No other details are available. (CVE-2016-0495)
  - An unspecified vulnerability exists in the Core subcomponent that allows a local attacker to affect the availability of the system. No other details are available. (CVE-2016-0592)
  - An unspecified vulnerability exists in the Windows Installer subcomponent that allows a local attacker to gain elevated privileges. No other details are available. (CVE-2016-0602)
last seen 2019-02-21
modified 2018-11-15
plugin id 88052
published 2016-01-21
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=88052
title Oracle VM VirtualBox < 4.3.36 / 5.0.14 Multiple Vulnerabilities (January 2016 CPU)
refmap via4
bugtraq 20160205 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
confirm http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
fulldisc 20160210 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
sectrack 1034731
Last major update 02-12-2016 - 22:16
Published 20-01-2016 - 22:02
Last modified 09-10-2018 - 15:58