Oracle: >> Virtualbox >> 1.6.0 Security Vulnerabilities
CVE-2008-3431
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
Known exploited
CVSS Score
8.8
EPSS Score
0.048
Published
2008-08-05