Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-rb61-s8yy-6fh1
Vulnerability ID VCID-rb61-s8yy-6fh1
Aliases CVE-2017-10129
Summary Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2017-10129
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2017-10129
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2017-10129
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2017-10129
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2017-10129
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2017-10129
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2017-10129
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2017-10129
epss 0.00273 https://api.first.org/data/v1/epss?cve=CVE-2017-10129
ssvc Track https://www.exploit-db.com/exploits/42426/
ssvc Track http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
ssvc Track http://www.securityfocus.com/bid/99638
ssvc Track http://www.securitytracker.com/id/1038929
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2017-10129
1038929 http://www.securitytracker.com/id/1038929
42426 https://www.exploit-db.com/exploits/42426/
99638 http://www.securityfocus.com/bid/99638
CVE-2017-10129 Exploit https://bugs.chromium.org/p/project-zero/issues/detail?id=1296
CVE-2017-10129 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/42426.txt
Data source Exploit-DB
Date added Aug. 3, 2017
Description VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation
Ransomware campaign use Known
Source publication date Aug. 3, 2017
Exploit type local
Platform windows
Source update date Aug. 3, 2017
Source URL https://bugs.chromium.org/p/project-zero/issues/detail?id=1296
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T15:39:23Z/ Found at https://www.exploit-db.com/exploits/42426/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T15:39:23Z/ Found at http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T15:39:23Z/ Found at http://www.securityfocus.com/bid/99638
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T15:39:23Z/ Found at http://www.securitytracker.com/id/1038929
Exploit Prediction Scoring System (EPSS)
Percentile 0.50633
EPSS Score 0.00273
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T17:49:19.608764+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.0.0