The host is installed with Oracle VM (Sun xVM) VirtualBox before 1.6.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object. Successful exploitation allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.