Remote Code Execution Vulnerability Affects VirtualBox; a Fix Is Already Available

According to the Zero Day Initiative, a vulnerability tracked as CVE-2023-22018 has been identified in Oracle VirtualBox. It allows remote execution of arbitrary code on virtual machines via an RDP session.

In some configurations, the vulnerability could be exploited by an unauthenticated user with network access to the RDP service.

The issue is caused by a bug in the handling of requests to forward access to USB devices. The handler fails to check the size of the transmitted user data, which leads to a write outside the allocated memory buffer.

Oracle has fixed the vulnerability in VirtualBox 7.0.10 and VirtualBox 6.1.46. Updating VirtualBox to the latest version is recommended to address CVE-2023-22018.
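One way to check a host against the fixed releases named above, as an added example that is not from the original article or from Oracle. It assumes `VBoxManage` is on the PATH, that branches newer than 7.0 include the fix, and that `vrde="on"` in the machine-readable VM info marks a VM with the built-in RDP server enabled.

```python
import re
import shutil
import subprocess

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(7, 0): (7, 0, 10), (6, 1): (6, 1, 46)}

def parse_version(text):
    """Parse strings such as '7.0.8r156879' or '6.1.38_Ubuntur153438'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for a version string."""
    ver = parse_version(text)
    fixed = FIXED.get(ver[:2])
    if fixed is not None:
        return "patched" if ver >= fixed else "vulnerable"
    if ver[:2] > max(FIXED):
        return "patched"  # assumption: newer branches include the fix
    return "unknown"      # older branches are not covered by the article

def vrde_enabled(showvminfo_text):
    """True if 'showvminfo --machinereadable' output has the RDP server on."""
    return any(l.strip() == 'vrde="on"' for l in showvminfo_text.splitlines())

def main():
    exe = shutil.which("VBoxManage")
    if exe is None:
        print("VBoxManage not found on PATH")
        return
    def run(*args):
        return subprocess.run([exe, *args], capture_output=True,
                              text=True, check=True).stdout
    # The version is the last line; warnings may precede it.
    version = run("--version").strip().splitlines()[-1]
    print(f"VirtualBox {version}: {classify(version)}")
    for line in run("list", "vms").splitlines():
        m = re.match(r'"(.*)" \{([0-9a-fA-F-]+)\}', line)
        if m and vrde_enabled(run("showvminfo", m.group(2), "--machinereadable")):
            print(f"RDP server enabled on VM: {m.group(1)}")

if __name__ == "__main__":
    main()
```

A host reported as `vulnerable` that also lists VMs with the RDP server enabled is the case to update first.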


Author: Sergey Tkachenko
