• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online

November 14, 2018 by Raaghav Sharma Leave a Comment

An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox—a popular open source virtualization software developed by Oracle—that could allow a malicious program to escape virtual machine (guest OS) and execute code on the operating system of the host machine.
The vulnerability occurs due to memory corruption issues and affects Intel PRO / 1000 MT Desktop (82540EM) network card (E1000) when the network mode is set to NAT (Network Address Translation).
The flaw is independent of the type of operating system being used by the virtual and host machines because it resides in a shared code base.

The vulnerability allows an attacker or a malicious program with root or administrator rights in the guest OS to escape and execute arbitrary code in the application layer (ring 3) of the host OS, which is used for running code from most user programs with the least privileges.

However, until it is patched, users can protect themselves against potential cyber attacks by changing the network card of their “virtual machines to PCnet (either of two) or to Paravirtualized Network.”

https://thehackernews.com/2018/11/virtualbox-zero-day-exploit.html

 

Filed Under: Week 11: SQL Injection Tagged With:

Reader Interactions

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in