Повышение привилегий до SYSTEM с помощью Oracle VirtualBox до 7.0.16. Эксплуатация Arbitrary File Write/Delete с помощью симлинков, \RPC Control\, в связке с DLL Hijacking.
Обзор вулны
POC
Обзор вулны
CVE-2024-21111 - Local Privilege Escalation in Oracle VirtualBox - MDSec
VirtualBox is a popular open source, cross-platform, virtualization software developed by Oracle Corporation. Earlier this year we identified an arbitrary file move vulnerability in the VirtualBox system service service that...www.mdsec.co.uk
POC
GitHub - mansk1es/CVE-2024-21111: Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability
Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability - mansk1es/CVE-2024-21111github.com
