According to the Zero Day Initiative, a vulnerability tracked as CVE-2023-22018 has been identified in Oracle VirtualBox. It allows remote execution of arbitrary code on virtual machines via an RDP session.
In some configurations, the vulnerability could be exploited by an unauthenticated user with network access to the RDP service.
The issue is caused by a bug in the handling of requests to forward access to USB devices. The handler does not check the size of the user data it receives, which leads to a write outside the allocated memory buffer.
Oracle has fixed the vulnerability in VirtualBox 7.0.10 and VirtualBox 6.1.46. It is recommended to update VirtualBox to the latest version to address CVE-2023-22018.
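To check a host against the fixed releases named above, the following added example (not from Oracle or the original article) classifies a VirtualBox version string. The function name `vbox_cve_2023_22018_status` is hypothetical, and the script assumes `VBoxManage --version` prints the version on its last output line.

```shell
#!/bin/sh
# Added example: compare a VirtualBox version string with the fixed releases
# named in the article for CVE-2023-22018 (7.0.10 and 6.1.46).

# vbox_cve_2023_22018_status VERSION
# Prints one of: patched | vulnerable | unknown
vbox_cve_2023_22018_status() {
    # Keep only the leading dotted-numeric part, dropping build suffixes:
    # "7.0.8r156879" -> "7.0.8", "6.1.38_Ubuntur153438" -> "6.1.38".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return 0; }

    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    # Each release branch has its own fixed patch level.
    case "$major.$minor" in
        7.0) fixed=10 ;;
        6.1) fixed=46 ;;
        *)   echo unknown; return 0 ;;  # branch not named in the article
    esac

    if [ "$patch" -ge "$fixed" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Stand-alone use: query the local install when VBoxManage is on PATH.
# tail -n 1 skips any warning lines printed before the version.
if command -v VBoxManage >/dev/null 2>&1; then
    v=$(VBoxManage --version 2>/dev/null | tail -n 1)
    echo "VirtualBox $v: $(vbox_cve_2023_22018_status "$v")"
fi
```

A result of `unknown` means the installed branch is not one the article lists a fix for, so it needs a manual check against Oracle's advisory.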