Executive Summary

Title : Sun Alert 240095 A Security Vulnerability in 'VBoxDrv.sys' driver of Sun xVM VirtualBox 1.6 may lead to Arbitrary Code Execution or Denial of Service (DoS)
Name : SUN-240095
First vendor Publication : 2008-08-05
Vendor : Sun
Last vendor Modification : 2008-08-05
Severity (Vendor) : N/A
Revision : N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 7.2
Attack Range : Local
Cvss Impact Score : 10
Attack Complexity : Low
Cvss Exploit Score : 3.9
Authentication : None Required


Product: Sun xVM VirtualBox 1.6 (Windows version)

A security vulnerability in the 'VBoxDrv.sys' driver shipped with Sun xVM VirtualBox 1.6.0/1.6.2 may allow a local unprivileged user to execute arbitrary code on the system or cause a system panic. The ability to cause system panic is a type of Denial of Service (DoS).

Sun acknowledges with thanks, Anibal Sacco of Core Security Technologies for bringing this issue to our attention.

This issue is described in the following document:


State: Resolved
First released: 05-Aug-2008

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_240095_a_security

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Application 13

ExploitDB Exploits

id Description
2008-08-10 Sun xVM VirtualBox < 1.6.4 Privilege Escalation Vulnerability PoC

Open Source Vulnerability Database (OSVDB)

Id Description
47424 Sun xVM VirtualBox VBoxDrv.sys VBoxDrvNtDeviceControl Function IOCTL Request ...

Nessus® Vulnerability Scanner

Date Description
2008-08-05 Name : The remote Windows host has an application that is affected by a local privil...
File : virtualbox_1_6_4.nasl - Type : ACT_GATHER_INFO