CVE-2016-0602
First published: Thu Jan 21 2016(Updated: )
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle VM VirtualBox | <=5.0.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-0602?
CVE-2016-0602 has a moderate severity level due to its potential impact on confidentiality, integrity, and availability.
How do I fix CVE-2016-0602?
To fix CVE-2016-0602, upgrade Oracle VM VirtualBox to version 5.0.14 or later.
What versions of Oracle VM VirtualBox are affected by CVE-2016-0602?
CVE-2016-0602 affects Oracle VM VirtualBox versions prior to 5.0.14.
What types of attacks could exploit CVE-2016-0602?
CVE-2016-0602 could be exploited by local users using unknown vectors related to Windows Installer.
Is CVE-2016-0602 still relevant today?
While CVE-2016-0602 is an older vulnerability, it is still important for users of affected Oracle VM VirtualBox versions to apply updates.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/oracle
- canonical/oracle vm virtualbox
- version/oracle vm virtualbox/5.0.12