• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2018-17479 – Google Chrome USE-AFTER-FREE vulnerability
November 20, 2018
Rewterz Threat Advisory – CVE-2018-13375 – Fortinet FortiAnalyzer Cross-site scripting Vulnerability
November 20, 2018

Rewterz Threat Advisory – Oracle VM VirtualBox Multiple Vulnerabilities

November 20, 2018

Multiple vulnerabilities in Oracle VM VirtualBox can be exploited by malicious users to disclose sensitive information and gain escalated privileges.

 

 

IMPACT:  NORMAL

 

 

PUBLISH DATE:  20-11-2018

 

 

OVERVIEW

 

 

Some vulnerabilities were found in Oracle VM virtual box which can be exploited by malicious attackers in a guest virtual machine to cause information disclosure and gain escalated privileges.

 

 

ANALYSIS

 

 

  • An error within the “e1kFallbackAddSegment()” function can be exploited to cause a heap-based buffer overflow.

 

  • An integer underflow error within the “e1kHandleRxPacket()” function can be exploited to cause a stack-based buffer overflow.

 

Further details were not available at the time of creation of this advisory.

 

 

AFFECTED PRODUCTS

 

 

Oracle VirtualBox 5.x

(The vulnerabilities are specifically reported in 5.2.20. Other versions may also be affected)

 

 

UPDATES

 

 

The flaws are fixed in version 5.2.22.

 

 

 

 

 

If you think you’re a victim of a cyber-attack, immediately send an email to soc@rewterz.com.

  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.