CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
85.5%
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
Virtualization VirtualBox before 5.0.14 allows local users to affect
confidentiality, integrity, and availability via unknown vectors related to
Windows Installer. NOTE: the previous information is from the January 2016
CPU. Oracle has not commented on third-party claims that this is an
untrusted search path issue that allows local users to gain privileges via
a Trojan horse dll in the “application directory.”
Author | Note |
---|---|
sbeattie | windows installer, 5.0.x only |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 15.10 | noarch | virtualbox | < 5.0.14-dfsg-0ubuntu1.15.10.1 | UNKNOWN |
www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
launchpad.net/bugs/cve/CVE-2016-0602
nvd.nist.gov/vuln/detail/CVE-2016-0602
security-tracker.debian.org/tracker/CVE-2016-0602
www.cve.org/CVERecord?id=CVE-2016-0602