Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-tcbn-c6e2-zycb
Vulnerability ID VCID-tcbn-c6e2-zycb
Aliases CVE-2014-2477
Summary Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
epss 0.07491 https://api.first.org/data/v1/epss?cve=CVE-2014-2477
cvssv2 3.6 https://nvd.nist.gov/vuln/detail/CVE-2014-2477
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2014-2477
http://seclists.org/fulldisclosure/2014/Dec/23
http://www.exploit-db.com/exploits/34333
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/68613
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
754939 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754939
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.24:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.26:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.28:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.30:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.1.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.14:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.18:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.20:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.22:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.2.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_virtualbox:4.3.8:*:*:*:*:*:*:*
CVE-2014-2477 https://nvd.nist.gov/vuln/detail/CVE-2014-2477
CVE-2014-2477;OSVDB-109152 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/34333.rb
Data source Metasploit
Description A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested with VBoxGuest Additions up to 4.3.10r93012.
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date July 15, 2014
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/local/virtual_box_guest_additions.rb
Data source Exploit-DB
Date added Aug. 13, 2014
Description Oracle VM VirtualBox Guest Additions 4.3.10r93012 - 'VBoxGuest.sys' Local Privilege Escalation (Metasploit)
Ransomware campaign use Known
Source publication date Aug. 13, 2014
Exploit type local
Platform windows
Source update date Oct. 27, 2016
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-2477
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.91748
EPSS Score 0.07491
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T17:43:30.143160+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.0.0