The VBoxSF.sys driver is a component of VirtualBox Guest Additions, which is in charge of providing the 'Shared Folders' feature offered by Oracle VirtualBox. This driver doesn't properly validate a pointer when handling the IOCTL_MRX_VBOX_DELCONN IoControl. This allows an unprivileged user in a Windows Guest OS with VirtualBox Guest Additions installed to gain SYSTEM privileges within the Guest OS. Note that this vulnerability can be exploited on Windows Guest operating systems with the Guest Additions installed, even when the 'Shared Folders' feature is not being used.
The Oracle VirtualBox Guest Additions Driver (VBoxGuest.sys) present in Oracle VirtualBox is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL (0x22A040) to the vulnerable driver within the Windows Guest OS.
The code that implements 3D acceleration for OpenGL graphics in Oracle VirtualBox is prone to multiple memory corruption vulnerabilities. An attacker running code within a Windows Guest OS can exploit these vulnerabilities in order to escape from the virtual machine and execute arbitrary code on the Host OS.
In the kernel code for the setitimer() system call the 'which' parameter (which is a signed integer) is validated with the mistaken assumption that the value cannot be negative. Passing a negative value for this parameter results in writing into an array indexed with the 'which' parameter and overwriting memory outside the array. This exploit overwrites the current credential structure of the current process to set the user id to 0 (root) then launches a new agent.
The nfds (number of file descriptors) argument to the select() system call is a signed integer. Bounds checking code in the kernel evaluates this argument in a signed context. By passing negative arguments it is possible to cause the kernel to copy a large amount of data from userspace into a buffer on the stack, overflowing the allocated space. This module exploits the vulnerability to lower the system security level to -1 and launches an agent with root privileges.
A vulnerability exists in the system component that handles the Virtual DOS Machine (VDM) subsystem. A local attacker may exploit this vulnerability in order to run code with elevated privileges, fully compromising the vulnerable computer. This module exploits that vulnerability to change the agent's process access token, gaining SYSTEM privileges.
This module exploits a vulnerability in Novell NetWare Client when handling a specially crafted IOCTL. The vulnerability allows local users to overwrite memory and execute arbitrary code via a malformed Interrupt Request Packet (Irp) parameters.
This module exploits a vulnerability in Novell NetWare Client when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.
This module exploits a vulnerability in the NICM.SYS driver shipped with Novell Client 2 when handling specially crafted IOCTL requests.
This module exploits a memory corruption vulnerability in Norman Security Suite Nprosec.sys driver when handling IOCTL 0x00220210. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. This module will elevate the privileges of the current agent instead of installing a new one.