| Vulnerability Name: | CVE-2014-0983 (CCN-91754) | ||||||||||||||||||||
| Assigned: | 2014-03-11 | ||||||||||||||||||||
| Published: | 2014-03-11 | ||||||||||||||||||||
| Updated: | 2018-10-09 | ||||||||||||||||||||
| Summary: | Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||
| CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 5.7 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-399 | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2014-0983 Source: FULLDISC Type: Exploit 20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities Source: CCN Type: SA57384 Oracle VirtualBox 3D Acceleration Multiple Privilege Escalation Vulnerabilities Source: SECUNIA Type: Vendor Advisory 57384 Source: MISC Type: Exploit http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities Source: DEBIAN Type: UNKNOWN DSA-2904 Source: EXPLOIT-DB Type: UNKNOWN 32208 Source: CONFIRM Type: UNKNOWN http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html Source: BUGTRAQ Type: UNKNOWN 20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities Source: CCN Type: BID-66133 Oracle VM VirtualBox 'crServerDispatchVertexAttrib4NubAR()' Function Memory Corruption Vulnerability Source: XF Type: UNKNOWN oracle-cve20140983-code-exec(91754) Source: CCN Type: Packet Storm Security [03-11-2014] Oracle VirtualBox 3D Acceleration Memory Corruption Source: CCN Type: Packet Storm Security [08-14-2014] VirtualBox 3D Acceleration Virtual Machine Escape Source: GENTOO Type: UNKNOWN GLSA-201612-27 Source: EXPLOIT-DB Type: EXPLOIT Offensive Exploit Database [03-12-2014] Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [08-14-2014] Source: CCN Type: VirtualBox Web site Oracle VM VirtualBox Source: CONFIRM Type: UNKNOWN https://www.virtualbox.org/changeset/50441/vbox Source: CCN Type: WhiteSource Vulnerability Database CVE-2014-0983 | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||