{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32208", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/32208"}, {"name": "GLSA-201612-27", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201612-27"}, {"name": "57384", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57384"}, {"name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/531418/100/0/threaded"}, {"name": "DSA-2904", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2904"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.virtualbox.org/changeset/50437/vbox"}, {"name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Mar/95"}, {"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-0981", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32208", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/32208"}, {"name": "GLSA-201612-27", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-27"}, {"name": "57384", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57384"}, {"name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/531418/100/0/threaded"}, {"name": "DSA-2904", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2904"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"}, {"name": "https://www.virtualbox.org/changeset/50437/vbox", "refsource": "CONFIRM", "url": "https://www.virtualbox.org/changeset/50437/vbox"}, {"name": "20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Mar/95"}, {"name": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities", "refsource": "MISC", "url": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-0981", "datePublished": "2014-03-28T21:00:00", "dateReserved": "2014-01-07T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB32F058-DDF8-4942-8D40-E3F97E4A44CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C6BF7C87-3D44-4BAD-8A13-A0D3CEF6B413", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "39A70834-328F-4095-8515-DCF00EB7F41A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "C9EDA1CE-050F-4386-AC6D-690D4337ACF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "783B92AB-5FAA-43A6-8525-9725289B6785", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C7AFC93C-A4AC-4189-B467-07C4CC7D2810", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "90379DE6-0E7E-4577-AF55-51801EEC5996", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "8405F02F-805E-4472-A6B3-EC7746E25141", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "71F68055-FD2D-4B4C-A0C7-EC507D4D82B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "2C5E21CB-335F-4DE0-A578-C3097E0D5AE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "C50DDA06-9C87-494C-B3F4-C8919FB47A27", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C652C69-3F7D-4527-9D8B-81C95D2B5194", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0D46897-F49D-4D9A-819A-846F6833F3B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "ED513E51-2F4F-4CBA-BA4E-0960C76775D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "22B0A194-02D5-4F3B-9317-2AB267D7E447", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982."}, {"lang": "es", "value": "Se presenta una vulnerabilidad en el archivo VBox/GuestHost/OpenGL/util/net.c en Oracle VirtualBox versiones anteriores a 3.2.22, versiones 4.0.x anteriores a 4.0.24, versiones 4.1.x anteriores a 4.1.32, versiones 4.2.x anteriores a 4.2.24 y versiones 4.3.x anteriores a 4.3. 8, cuando se usa la aceleraci\u00f3n 3D, los usuarios del OS invitado local pueden ejecutar un c\u00f3digo arbitrario en el servidor Chromium por medio de un puntero de red Chromium dise\u00f1ado en un mensaje (1) CR_MESSAGE_READBACK o (2) CR_MESSAGE_WRITEBACK hacia el servicio VBoxSharedCrOpenGL, lo que desencadena una desreferencia de puntero arbitraria y la corrupci\u00f3n de la memoria . NOTA: este problema fue FUSIONADO con el CVE-2014-0982 porque es el mismo tipo de vulnerabilidad afectando al mismo conjunto de versiones. Todos los usuarios de CVE deben hacer referencia a CVE-2014-0981 en lugar de CVE-2014-0982."}], "id": "CVE-2014-0981", "lastModified": "2018-10-09T19:42:15.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-31T14:58:35.570", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Mar/95"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/57384"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-2904"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/32208"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/531418/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201612-27"}, {"source": "cve@mitre.org", "url": "https://www.virtualbox.org/changeset/50437/vbox"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}