Vulnerability Details : CVE-2014-4228
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.
Products affected by CVE-2014-4228
- cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4228
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-4228
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST |
References for CVE-2014-4228
-
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
VMSA-2014-0012.1
-
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Oracle Critical Patch Update - July 2014Vendor Advisory
-
http://seclists.org/fulldisclosure/2014/Dec/23
Full Disclosure: NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/94613
Oracle VM VirtualBox Graphics driver (WDDM) for Windows guests unspecified CVE-2014-4228 Vulnerability Report
-
http://www.securityfocus.com/bid/68601
Oracle VM VirtualBox CVE-2014-4228 Local Security Vulnerability
-
http://www.securityfocus.com/archive/1/534161/100/0/threaded
SecurityFocus
Jump to