vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges.
CVSS Score
7.2
EPSS Score
0.001
Published
2004-02-03