The VBoxSF.sys driver is a component of VirtualBox Guest Additions, which is in charge of providing the 'Shared Folders' feature offered by Oracle VirtualBox. This driver doesn't properly validate a pointer when handling the IOCTL_MRX_VBOX_DELCONN IoControl. This allows an unprivileged user in a Windows Guest OS with VirtualBox Guest Additions installed to gain SYSTEM privileges within the Guest OS. Note that this vulnerability can be exploited on Windows Guest operating systems with the Guest Additions installed, even when the 'Shared Folders' feature is not being used.

CVE Link

Exploit Platform

Windows

Exploit Type

Product Name

Oracle VirtualBox VBoxSF.sys IOCTL_MRX_VBOX_DELCONN Privilege Escalation Exploit

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum