Lucene search

MitreCVE-2016-3986

HistoryApr 12, 2016 - 2:00 a.m.

CVE-2016-3986

2016-04-1202:00:09

CWE-119

mitre

web.nvd.nist.gov

avast

cve-2016-3986

vulnerability

denial of service

memory corruption

code execution

pe file

authenticode parsing

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.115

Percentile

95.4%

JSON

Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing.

Affected configurations

Nvd

Node

avastavastMatch-

VendorProductVersionCPE
avastavast-cpe:2.3:a:avast:avast:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
avast	avast	-	cpe:2.3:a:avast:avast:-:::::::*

References

packetstormsecurity.com/files/136090/Avast-Authenticode-Parsing-Memory-Corruption.html

code.google.com/p/google-security-research/issues/detail?id=668

www.exploit-db.com/exploits/39530/

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.115

Percentile

95.4%

JSON

Related for CVE-2016-3986