PrefaceHello from the future!This is a blogpost I originally drafted in early 2017. I wrote what I intended to be the first half of this post (about escaping...

Project Zero is Google's security research team dedicated to finding and fixing zero-day vulnerabilities in software and hardware, aiming to improve the security of the broader internet ecosystem. Security researchers can learn about vulnerability research, exploit development, and responsible disclosure practices to contribute to making the internet safer for everyone.

Project Zero

A detailed technical analysis of CVE-2017-3558, a VM escape vulnerability in VirtualBox's Slirp-based NAT networking implementation. The bug stems from overwriting a trusted buffer length with an untrusted IP packet length field, bypassing all subsequent safety checks. The post demonstrates how to exploit this through heap memory corruption, using UDP packets to leak out-of-bounds data, manipulating inline chunk metadata to achieve arbitrary function calls, and ultimately executing shell commands on the host system. The vulnerability exploits VirtualBox's custom zone allocator with unvalidated inline metadata in release builds.

Thinking Outside The Box [dusted off draft from 2017]