Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2016-0602

Published: 21 January 2016

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."

Notes

AuthorNote
sbeattie
windows installer, 5.0.x only

Priority

Negligible

Status

Package Release Status
virtualbox
Launchpad, Ubuntu, Debian
xenial Not vulnerable
(5.0.14-dfsg-1)
upstream Needs triage

precise Not vulnerable
(5.0 + windows only)
trusty Does not exist
(trusty was not-affected [5.0 + windows only])
vivid Does not exist

wily
Released (5.0.14-dfsg-0ubuntu1.15.10.1)