CVE-2022-39424 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.

VU#110137 - CVE-2017-5407 (Redirected from ). VU#110137 - CVE-2017-5407 (Redirected from Oracle Virtualization ). Redirection occurs when an attacker with VRDP access to an Oracle VM VirtualBox server is able to convince a user to access a specially crafted web site. The attacker then injects a specially crafted URL that redirects the user to a malicious site. This can be used to inject a fake "Remote Desktop" access prompt. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). VU#110137 - CVE-2017-5407 (Redirected from ). VU#110137 - CVE-2017-5407 (Redirected from Oracle Virtualization ). Redirection occurs when an attacker with VRDP access to an Oracle VM VirtualBox server is able to convince a user to access a specially crafted web site. The attacker then injects a specially crafted URL that redirects the user to a malicious site. This can be used to inject a fake "Remote Desktop" access prompt. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/

Oracle Virtualization (OVM) Software

Oracle VM VirtualBox is a software application that simulates a computer inside a computer. It is used to create and run virtual machines on computers with multiple operating systems installed. The Oracle VM VirtualBox is one of the most popular virtualization platforms, with more than six million users worldwide.

Oracle Virtualization (OVM) OVM Core Services

OVM Core Services is the package of Oracle VM VirtualBox that provides a platform for virtualization solutions. The packages and files in this repository are subject to the Apache 2.0 license.

Clickjacking

Clickjacking occurs when a remote attacker is able to trick a user into clicking on an embedded hyperlink that takes the victim to a website they did not intend to visit. This can occur when someone clicks on an email, chat message, or pop-up ad with a hyperlink that has been altered by the attacker. For example, some malicious websites will display an image that looks like a login button for Facebook or Google.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References

• https://www.oracle.com/security-alerts/cpuoct2022.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39424