CVE-2024-21107 PoC — Oracle Virtualization Security Vulnerability

Source
Associated Vulnerability
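Title: Oracle Virtualization Security Vulnerability (CVE-2024-21107)
Description: Oracle Virtualization and Oracle VM VirtualBox are both products of Oracle Corporation of the United States. Oracle Virtualization is a suite of virtualization solutions. The product is used to manage the entire hardware and software stack, from applications to disk, in a unified way, enabling virtualization from the desktop to the data center. Oracle VM VirtualBox is virtual machine management software. A security vulnerability exists in Oracle VM VirtualBox, part of Oracle Virtualization. An attacker can exploit this vulnerability to cause Oracle VM VirtualBox to be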
Description
Oracle VM VirtualBox for Windows prior to 7.0.16 - Elevation of Privileges
Readme
# CVE-2024-21107
Oracle VM VirtualBox for Windows prior to 7.0.16 - Elevation of Privileges

### Description:
A vulnerability has been identified in Oracle VM VirtualBox on Windows where the setup fails to set proper access rights for its installation folder if a non-default installation path was chosen during installation. This allows any authenticated local attacker to inject arbitrary code and escalate privileges to the SYSTEM context.

### Affected versions
Oracle VM VirtualBox up to 7.0.14

Fixed starting with 7.0.16

### Impacted service(s)
Service Name: VBoxSDS (non-default installation path)

#### Discovered by: 
* Alaa Kachouh
* Ali Jammal of Deloitte Netherlands
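
A defender-side check for the condition described above, added here as an example and not part of the original README or of Oracle's fix: it locates the folder holding the VBoxSDS service binary and lists allow entries that grant write-type rights to low-privileged groups. The SID list and the selection of rights bits are assumptions to adapt to your environment.

```powershell
# Added example (not from the original README): audit the folder that holds
# the VBoxSDS service binary for ACL entries letting low-privileged users write.
$serviceName = 'VBoxSDS'   # service named in the advisory

# Well-known SIDs treated as low-privileged (assumption; extend as needed).
$lowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# Rights that allow planting, replacing or re-permissioning files, plus the
# raw GENERIC_ALL / GENERIC_WRITE bits that inherit-only entries may carry.
$rights    = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = [int]$rights -bor 0x10000000 -bor 0x40000000

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { Write-Output "$serviceName is not installed."; return }

# PathName may be quoted and may carry arguments; keep only the .exe path.
if ($svc.PathName -notmatch '^\s*"?(?<exe>.+?\.exe)') {
    Write-Warning "Could not parse service path: $($svc.PathName)"; return
}
$exe    = $Matches['exe']
$folder = Split-Path -Parent $exe

# Resolve identities to SIDs so the check does not depend on the OS language.
$acl   = Get-Acl -LiteralPath $folder
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($rule in $rules) {
    if ($rule.AccessControlType -ne 'Allow')                  { continue }
    if ($rule.IdentityReference.Value -notin $lowPrivSids)    { continue }
    if (([int]$rule.FileSystemRights -band $writeBits) -eq 0) { continue }
    [pscustomobject]@{
        Folder    = $folder
        Sid       = $rule.IdentityReference.Value
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
}

"Binary : $exe (product version $((Get-Item -LiteralPath $exe).VersionInfo.ProductVersion))"
if ($findings) {
    Write-Warning "Low-privileged principals can write to $folder"
    $findings | Format-Table -AutoSize
} else {
    "No write-capable entries for low-privileged principals on $folder"
}
```

A finding on a host still running a version before 7.0.16 calls for upgrading and then confirming the folder ACL, since the README attributes the weak permissions to the installer.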

File Snapshot

[4.0K] /data/pocs/bc244cbc8f4508df323564ab21aa6a7bc4b2f97a
└── [ 682] README.md

0 directories, 1 file