Vulnerability in Oracle VM VirtualBox Component of Oracle Virtualization
CVE-2017-10235
Key Information:
- Vendor
- Oracle
- Status
- Vendor
- CVE Published:
- 8 August 2017
Badges
Summary
A vulnerability exists in the Oracle VM VirtualBox component of Oracle Virtualization that allows an attacker with privileged access to compromise the application. If exploited, this flaw can result in significant disruptions, such as complete denial of service through frequent crashes, as well as unauthorized modifications to critical data accessed by Oracle VM VirtualBox. The vulnerability primarily impacts users running versions prior to 5.1.24 and poses serious risks that may affect various additional products leveraging this virtualization technology.
Affected Version(s)
Oracle VM VirtualBox < 5.1.24
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved