
Rewterz Threat Advisory – Oracle VM VirtualBox Multiple Vulnerabilities

Multiple vulnerabilities in Oracle VM VirtualBox can be exploited by malicious users to disclose sensitive information and gain escalated privileges.

IMPACT: NORMAL

PUBLISH DATE: 20-11-2018

OVERVIEW

Several vulnerabilities were found in Oracle VM VirtualBox that can be exploited by attackers in a guest virtual machine to cause information disclosure and gain escalated privileges.

ANALYSIS

  • An error within the “e1kFallbackAddSegment()” function can be exploited to cause a heap-based buffer overflow.
  • An integer underflow error within the “e1kHandleRxPacket()” function can be exploited to cause a stack-based buffer overflow.

Further details were not available at the time of creation of this advisory.

AFFECTED PRODUCTS

Oracle VirtualBox 5.x

(The vulnerabilities are specifically reported in 5.2.20. Other versions may also be affected.)

UPDATES

The flaws are fixed in version 5.2.22.
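
A version check against the fix level stated above, as an added example that is not part of the original advisory: it classifies a version string in the form printed by `VBoxManage --version` against 5.2.22. The function name, the status labels and the sample suffixes in the comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory). Classifies a VirtualBox version
# against the advisory: 5.x is listed as affected, 5.2.22 carries the fix.
# Status labels are this example's own: affected, fixed, not-covered, unparseable.

vbox_advisory_status() {
    # Keep only the leading major.minor.patch; drops suffixes such as
    # "r125813" or "_Ubuntu" (constructed examples of packaging suffixes).
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p')
    if [ -z "$ver" ]; then
        echo unparseable
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    # The advisory only covers the 5.x line; say so rather than guess.
    if [ "$major" -ne 5 ]; then
        echo not-covered
        return 0
    fi
    if [ "$minor" -lt 2 ] || { [ "$minor" -eq 2 ] && [ "$patch" -lt 22 ]; }; then
        echo affected
    else
        echo fixed
    fi
}

# Check the local host when VirtualBox is installed.
if command -v VBoxManage >/dev/null 2>&1; then
    # VBoxManage may print warnings first; the version is the last line.
    installed=$(VBoxManage --version 2>/dev/null | tail -n 1 || true)
    echo "VirtualBox ${installed:-unknown}: $(vbox_advisory_status "$installed")"
fi
```

A result of `not-covered` means the advisory makes no statement about that release line, not that the release is safe.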

If you think you’re a victim of a cyber-attack, immediately send an email to soc@rewterz.com.