Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC)

vendor:

VirtualBox Manager

by:

Jose Eduardo Castro

7.8

CVSS

HIGH

Denial of Service

400

CWE

Product Name: VirtualBox Manager

Affected Version From: 5.2.18 r124319

Affected Version To: 5.2.18 r124319

Patch Exists: YES

Related CWE: N/A

CPE: a:oracle:virtualbox

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 7 Ultimate x64 es

2018

Oracle VirtualBox Manager 5.2.18 r124319 – ‘Name Attribute’ Denial of Service (PoC)

A denial of service vulnerability exists in Oracle VirtualBox Manager 5.2.18 r124319 when a crafted string is pasted into the 'Name' attribute of a storage controller, resulting in a crash of the application.

Mitigation:

Upgrade to the latest version of Oracle VirtualBox Manager.

Source

Oracle VirtualBox Manager 5.2.18 r124319 – ‘Name Attribute’ Denial of Service (PoC)

Mitigation:

Exploit-DB raw data: