module
VirtualBox 3D Acceleration Virtual Machine Escape
| Disclosed | Created |
|---|---|
| 2014-03-11 | 2018-05-30 |
Disclosed
2014-03-11
Created
2018-05-30
Description
This module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The
vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a
sequence of specially crafted rendering messages, a virtual machine can exploit an out
of bounds array access to corrupt memory and escape to the host. This module has been
tested successfully on Windows 7 SP1 (64 bits) as Host running Virtual Box 4.3.6.
vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a
sequence of specially crafted rendering messages, a virtual machine can exploit an out
of bounds array access to corrupt memory and escape to the host. This module has been
tested successfully on Windows 7 SP1 (64 bits) as Host running Virtual Box 4.3.6.
Authors
Francisco Falcon
Florian Ledoux
juan vazquez juan.vazquez@metasploit.com
Florian Ledoux
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
Architectures
x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.