Boundary Error in FlexNet Publisher Licensing Service on Windows
CVE-2016-10395

7.8HIGH

Key Information:

Vendor

Flexera Software Llc

Status
Flexnet Publisher
Vendor
CVE Published:
15 June 2017

What is CVE-2016-10395?

A boundary error in FlexNet Publisher's Licensing Service on Windows allows for out-of-bounds memory read access. This vulnerability can be exploited by attackers to execute arbitrary code with SYSTEM privileges, which poses significant risks to the security and integrity of the systems utilizing FlexNet Publisher. To mitigate this vulnerability, ensure that your installations are updated to Luton SP1 or later.

Affected Version(s)

FlexNet Publisher Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform

References

https://secuniaresearch.flexerasoftware.com/advisories/76...
x_refsource_MISC
https://www.citect.schneider-electric.com/safety-and-secu...
x_refsource_CONFIRM
https://www.schneider-electric.com/en/download/document/S...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.