The code that implements 3D acceleration for OpenGL graphics in Oracle VirtualBox is prone to multiple memory corruption vulnerabilities. An attacker running code within a Windows Guest OS can exploit these vulnerabilities in order to escape from the virtual machine and execute arbitrary code on the Host OS.
A vulnerability exists in the system component that handles the Virtual DOS Machine (VDM) subsystem. A local attacker may exploit this vulnerability in order to run code with elevated privileges, fully compromising the vulnerable computer. This module exploits that vulnerability to change the agent's process access token, gaining SYSTEM privileges.
This module exploits a vulnerability in Novell NetWare Client when handling a specially crafted IOCTL. The vulnerability allows local users to overwrite memory and execute arbitrary code via a malformed Interrupt Request Packet (Irp) parameters.
This module exploits a vulnerability in Novell NetWare Client when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.
This module exploits a vulnerability in the NICM.SYS driver shipped with Novell Client 2 when handling specially crafted IOCTL requests.
This module exploits a memory corruption vulnerability in Norman Security Suite Nprosec.sys driver when handling IOCTL 0x00220210. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. This module will elevate the privileges of the current agent instead of installing a new one.
After successful exploitation an agent will be installed. The process being exploited is the winlogon process. Execute the 'RevertToSelf' module after exploitation to get SYSTEM access.
This module exploits a vulnerability in "wins.exe" sending crafted UDP packets to the WINS-RPC local port.
This module exploits a null pointer dereference in win32k.sys by abusing of xxxSendMessageTimeout function. The TrackPopupMenu API function is used to trigger the vulnerability.
An uninitialized pointer is used by windows kernel when the "FlattenPath" function is called in the middle of a kernel heap exhaustion.