How severe is CVE-2017-3316?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.4 out of 10.

What type of vulnerability is CVE-2017-3316?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2017-3316 - HIGH Severity | CVSS 8.4

Vulnerability Description

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts).

Related Vulnerabilities

CVE-2010-1896

HIGH

CVSS:8.4(High)

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate use...

CWE-202010

CVE-2012-0157

HIGH

CVSS:8.4(High)

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not prop...

CWE-202012

CVE-2015-7551

HIGH

CVSS:8.4(High)

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles t...

CWE-202015

CVE-2016-0100

HIGH

CVSS:8.4(High)

Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Exec...

CWE-202016

CVE-2016-0834

HIGH

CVSS:8.4(High)

An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, ...

CWE-202016

CVE-2016-0909

HIGH

CVSS:8.4(High)

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users.

CWE-202016