CVE-2016-10395

2017-06-1516:00:00

flexera

www.cve.org

0.001 Low

EPSS

Percentile

32.4%

JSON

In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.

CNA Affected

[
  {
    "product": "FlexNet Publisher",
    "vendor": "Flexera Software LLC",
    "versions": [
      {
        "status": "affected",
        "version": "Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform"
      }
    ]
  }
]

References

ics-cert.us-cert.gov/advisories/ICSA-18-144-01

secuniaresearch.flexerasoftware.com/advisories/76368/

www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager

www.schneider-electric.com/en/download/document/SEVD-2018-046-01/

www.schneider-electric.com/en/download/document/SEVD-2018-137-01/

www.schneider-electric.com/en/download/document/SEVD-2018-144-01/