Endpoint Vulnerability

Security Vulnerability CVE-2014-0405 in VirtualBox


Supported versions that are affected are VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20 and 4.3.4. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized update, insert or delete access to some Oracle VM VirtualBox accessible data as well as read access to a subset of Oracle VM VirtualBox accessible data and ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. Note: Applies only when a Windows guest with VirtualBox Additions installed is running on VirtualBox.

Affected Products