EDB-ID: 41904
CVE: 2017-3558
Author: GOOGLE SECURITY RESEARCH
Type: LOCAL
Platform: MULTIPLE
Date: 2017-04-20
Vulnerable App: Oracle VM VirtualBox

Vulnerability Details:

Summary: The vulnerability in VirtualBox allows an attacker with root privileges in a guest VM to escalate privileges on the host machine by corrupting the memory of the userspace host process and leaking memory contents.

Issue: The vulnerability exists in the function in due to improper length field handling.

Impact: An attacker can exploit this to execute arbitrary code on the host system in userspace context.

Exploit Setup: The proof-of-concept (PoC) is provided and tested on VirtualBox version 5.1.14. Successful exploitation depends on specific versions of Ubuntu, the libc6 package, and VirtualBox.

Exploit Details:

Attack Primitives:
- Leak out-of-bounds heap data using UDP packets with checksum 0 and a bogus length field.
- Leak data via ICMP Echo Requests.
- Corrupt the heap to overwrite memory.

Exploit Execution:
- Compile and run the helper and the guest-side exploit code.
- Send crafted packets to trigger memory corruption and arbitrary code execution.

Success Confirmation: Check for a new file on the host containing the output of the "id" command.
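As an added defensive illustration (not code from the advisory or from VirtualBox), the check below parses a constructed IPv4/UDP datagram and flags the pattern the first primitive relies on: a UDP length field that exceeds the bytes the IP datagram actually carries, combined with a zero checksum. It is the kind of bounds check a host-side network stack or an IDS rule should apply before trusting a guest-supplied length field; all packet contents are constructed sample data.

```python
import struct


def build_ipv4_udp(payload: bytes, udp_len_field: int, udp_csum: int) -> bytes:
    """Build a minimal IPv4/UDP datagram (constructed test data; IP checksum left as 0)."""
    udp_hdr = struct.pack("!HHHH", 5353, 5353, udp_len_field, udp_csum)
    total_len = 20 + 8 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0, 0, 64, 17, 0,
                         bytes([10, 0, 2, 15]), bytes([10, 0, 2, 2]))
    return ip_hdr + udp_hdr + payload


def check_udp_length(packet: bytes) -> dict:
    """Compare the UDP length field against the bytes really present in the IP datagram.

    A parser that trusts udp_len instead of the measured length reads past the
    buffer; that out-of-bounds read is the leak primitive the advisory describes.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"verdict": "not-ipv4"}
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 17:  # IP protocol number 17 = UDP
        return {"verdict": "not-udp"}
    ip_payload = packet[ihl:min(total_len, len(packet))]
    if len(ip_payload) < 8:
        return {"verdict": "truncated-udp-header"}
    udp_len, udp_csum = struct.unpack("!HH", ip_payload[4:8])
    actual = len(ip_payload)
    if udp_len > actual:
        verdict = "oversized-length"      # claims more bytes than exist: reject
    elif udp_len < 8:
        verdict = "undersized-length"     # cannot even hold the UDP header: reject
    else:
        verdict = "ok"
    return {"verdict": verdict, "udp_len": udp_len,
            "actual_len": actual, "checksum_zero": udp_csum == 0}


if __name__ == "__main__":
    good = build_ipv4_udp(b"hello", 13, 0x1234)
    bad = build_ipv4_udp(b"hello", 1400, 0)    # bogus length, checksum 0
    print(check_udp_length(good))
    print(check_udp_length(bad))
```

A stack that clamps to the measured length (or drops the packet) before any copy or checksum pass removes the over-read regardless of what the guest put in the header.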