Oracle VirtualBox Guest Additions Arbitrary Write Local Privilege Escalation Exploit

The Oracle VirtualBox Guest Additions Driver (VBoxGuest.sys) present in Oracle VirtualBox is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x22A040) to the vulnerable driver within the Windows Guest OS.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2014-2477
Product Version: 
2014_R1
Released Date: 
Friday, August 22, 2014 - 00:00