Home‎ > ‎

VENOM

pubblicato 16 mag 2015, 02:17 da Antonio Barili   [ aggiornato in data 16 mag 2015, 02:19 ]
VIRTUALIZED ENVIRONMENT NEGLECTED OPERATIONS MANIPULATION
VENOM, CVE-2015-3456 is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.