home.aspx
 
. https://lifars.com/2018/11/virtualbox-unpatched-zero-day-online/
blog article
VIRTUALBOX UNPATCHED ZERO-DAY VULNERABILITY AND EXPLOIT RELEASED ONLINE
A Major Oracle VirtualBox Zero-Day vulnerability and exploit were released by a disgruntled security researcher. The vulnerability affects versions of VirtualBox up to 5.2.20. The vulnerability allows a malicious actor with administrator or root access on the guest OS to bypass the guest OS and execute code on the host operating system. The vulnerability lies in the shared code base hence it is platform independent. The vulnerability occurs due to memory corruption issues within the Intel Pro 1000 MT Desktop virtual adapter when put in Network Address Translation (NAT) mode. This is the default configuration for most virtual machines that are created using VirtualBox. Given the highly detailed explanation of how the vulnerability is exploited and the fact that it affects the default configuration on most virtual machines it is very serious and puts a large population of virtual machines at risk. READ MORE