CVE-2008-3431

KEV

Published: Ago 05, 2008 Last Modified: Ott 22, 2025 EU-VD ID: EUVD-2008-3417 Aliases: GSD-2008-3431

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,8

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

HIGH 7,2

Source: [email protected]

Access Vector: local

Access Complexity: low

Authentication: none

Confidentiality: complete

Integrity: complete

Availability: complete

Description

AI Translation Available

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0538

Percentile

0,9th

Updated

EPSS Score Trend (Last 90 Days)

Exploit

Sun xVM VirtualBox < 1.6.4 - Privilege Escalation …

Verified

Sun xVM VirtualBox < 1.6.4 - Privilege Escalation (PoC)

Author: Core Security Published: Status: Verified

View Exploit Code →

Application

Virtualbox by Oracle

Product Information

Vendor Oracle

Product Virtualbox

Version Range Affected

To 1.6.4 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:virtualbox:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://www.cisa.gov/known-exploited-vulnerabilities-catalo…

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008…

http://secunia.com/advisories/31361

http://securityreason.com/securityalert/4107

http://securitytracker.com/id?1020625

https://exchange.xforce.ibmcloud.com/vulnerabilities/44202

http://sunsolve.sun.com/search/document.do?assetkey=1-66-24…

http://sunsolve.sun.com/search/document.do?assetkey=1-66-240095-1

https://www.exploit-db.com/exploits/6218

http://virtualbox.org/wiki/Changelog

http://www.coresecurity.com/content/virtualbox-privilege-es…

http://www.coresecurity.com/content/virtualbox-privilege-escalation-vulnerabili…

http://www.securityfocus.com/archive/1/495095/100/0/threaded

http://www.securityfocus.com/bid/30481

http://www.vupen.com/english/advisories/2008/2293

http://secunia.com/advisories/31361

http://securityreason.com/securityalert/4107

http://securitytracker.com/id?1020625

https://exchange.xforce.ibmcloud.com/vulnerabilities/44202

http://sunsolve.sun.com/search/document.do?assetkey=1-66-24…

http://sunsolve.sun.com/search/document.do?assetkey=1-66-240095-1

https://www.exploit-db.com/exploits/6218

http://virtualbox.org/wiki/Changelog

http://www.coresecurity.com/content/virtualbox-privilege-es…

http://www.coresecurity.com/content/virtualbox-privilege-escalation-vulnerabili…

http://www.securityfocus.com/archive/1/495095/100/0/threaded

http://www.securityfocus.com/bid/30481

http://www.vupen.com/english/advisories/2008/2293

CVE-2008-3431

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Sun xVM VirtualBox < 1.6.4 - Privilege Escalation …

Virtualbox by Oracle

Product Information

Iscriviti alla newsletter