CVE-2016-0602

NameCVE-2016-0602
DescriptionUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
virtualbox (PTS)jessie/contrib (security), jessie/contrib4.3.36-dfsg-1+deb8u1fixed
sid/contrib, buster/contrib5.1.28-dfsg-1fixed
wheezy, wheezy (security)4.1.42-dfsg-1+deb7u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
virtualboxsource(unstable)(not affected)

Notes

- virtualbox <not-affected> (VirtualBox Windows Installer component)
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR

Search for package or bug name: Reporting problems