~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2016-2336
PublicDate: 2017-01-06
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2336
 http://www.talosintelligence.com/reports/TALOS-2016-0029/
Description:
 Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke
 and ole_query_interface. An attacker passing a different type of object
 than the one assumed by developers can cause arbitrary code execution.
Ubuntu-Description:
Notes:
 mdeslaur> win32ole not in binary package
Bugs:
Priority: medium
Discovered-by:
Assigned-to:

Patches_ruby2.3:
upstream_ruby2.3: needs-triage
precise_ruby2.3: DNE
trusty_ruby2.3: DNE
vivid/stable-phone-overlay_ruby2.3: DNE
vivid/ubuntu-core_ruby2.3: DNE
xenial_ruby2.3: not-affected
yakkety_ruby2.3: not-affected
devel_ruby2.3: not-affected