{"uuid": "2c3d6239-1bd1-44ae-bb41-f397d80d65fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2008-3431", "type": "seen", "source": "https://t.me/arpsyndicate/1376", "content": "#ExploitObserverAlert\n\nCVE-2008-3431\n\nDESCRIPTION: Exploit Observer has 11 entries related to CVE-2008-3431. The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\\\.\\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.\n\nFIRST-EPSS: 0.000430000\nNVD-IS: 10.0\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T03:12:09.000000Z"}