[vbox-dev] "Disgruntled Security Researcher Publishes Major VirtualBox 0-Day Exploit"
stephanecharette at gmail.com
Sat Nov 10 21:25:12 UTC 2018
This just hit Slashdot: "According to a text file uploaded on GitHub,
Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs
that can allow malicious code to escape the VirtualBox virtual machine (the
guest OS) and execute on the underlying (host) operating system."
One example article:
His github repo has the technical details. He shows how you can create a
console shell to start on the host by using a buffer overrun in the guest:
The "disgruntled security researcher" part is difficult to read and
understand due to broken English. More info is available on his github
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the vbox-dev