High severity8.4NVD Advisory· Published Jan 27, 2017· Updated May 13, 2026

CVE-2017-3316

Description

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts).

Affected products

Oracle Corporation/Vm Virtualbox2 versions
cpe:2.3:a:oracle:vm_virtualbox:5.0.30:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:vm_virtualbox:5.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_virtualbox:5.1.12:*:*:*:*:*:*:*
Oracle/VM VirtualBoxv5
Range: prior to 5.0.32

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/95579nvd
www.securitytracker.com/id/1037638nvd
security.gentoo.org/glsa/201702-08nvd
www.exploit-db.com/exploits/41196/nvd

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000