module

VirtualBox 3D Acceleration Virtual Machine Escape

Disclosed	Created
Mar 11, 2014	May 30, 2018

Disclosed

Mar 11, 2014

Created

May 30, 2018

Description

This module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The
vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a
sequence of specially crafted rendering messages, a virtual machine can exploit an out
of bounds array access to corrupt memory and escape to the host. This module has been
tested successfully on Windows 7 SP1 (64 bits) as Host running Virtual Box 4.3.6.

Authors

Francisco Falcon
Florian Ledoux
juan vazquez [email protected]

Platform

Windows

Architectures

x64

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/windows/local/virtual_box_opengl_escape
    msf exploit(virtual_box_opengl_escape) > show targets
        ...targets...
    msf exploit(virtual_box_opengl_escape) > set TARGET < target-id >
    msf exploit(virtual_box_opengl_escape) > show options
        ...show and set options...
    msf exploit(virtual_box_opengl_escape) > exploit

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report