

Multiple vulnerabilities in Oracle VM VirtualBox can be exploited by malicious users to disclose sensitive information and gain escalated privileges.
IMPACT: NORMAL
PUBLISH DATE: 20-11-2018
OVERVIEW
Some vulnerabilities were found in Oracle VM VirtualBox that can be exploited by malicious attackers in a guest virtual machine to cause information disclosure and gain escalated privileges.
ANALYSIS
- An error within the “e1kFallbackAddSegment()” function can be exploited to cause a heap-based buffer overflow.
- An integer underflow error within the “e1kHandleRxPacket()” function can be exploited to cause a stack-based buffer overflow.
Further details were not available at the time of creation of this advisory.
AFFECTED PRODUCTS
Oracle VirtualBox 5.x
(The vulnerabilities are specifically reported in 5.2.20. Other versions may also be affected.)
UPDATES
The flaws are fixed in version 5.2.22.
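A host-side check for the version guidance above, as an added example that is not part of the original advisory: it classifies the string printed by `VBoxManage --version` against the 5.x branch and the 5.2.22 fix. The function names, the sample version strings and the assumption that the version is the last line of output belong to this example, not to the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a VirtualBox version
# string against the advisory's guidance: 5.x affected, fixed in 5.2.22.

# classify_vbox_version STRING
# STRING is what `VBoxManage --version` prints, e.g. "5.2.20r100000" or a
# distro-suffixed build such as "5.2.18_Ubuntur100000" (constructed samples).
# Prints: affected | fixed | out-of-scope | unparseable
classify_vbox_version() {
    # Keep only the leading MAJOR.MINOR.PATCH triple; drop revision suffixes.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unparseable
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    # The advisory only speaks to the 5.x branch.
    if [ "$major" -ne 5 ]; then
        echo out-of-scope
        return 0
    fi
    # Anything in 5.x older than 5.2.22 is treated as affected.
    if [ "$minor" -lt 2 ] || { [ "$minor" -eq 2 ] && [ "$patch" -lt 22 ]; }; then
        echo affected
    else
        echo fixed
    fi
}

# check_host: run on the machine that hosts the VMs, not inside a guest.
# Assumption: the version is the last line of output (warnings may precede it).
check_host() {
    if command -v VBoxManage >/dev/null 2>&1; then
        v=$(VBoxManage --version 2>/dev/null | tail -n 1)
        echo "VirtualBox $v: $(classify_vbox_version "$v")"
    else
        echo "VBoxManage not found on PATH"
    fi
}

check_host
```

A result of `out-of-scope` means the advisory gives no verdict for that branch, not that the build is unaffected.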