Vulnerabilities > CVE-2016-2536 - Resource Management Errors vulnerability in multiple products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

google

CWE-399

NVD

Published: 2016-02-22

Updated: 2016-05-20

Summary

Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP 3D Visual Enterprise Viewer *	1
Application	Google Google Sketchup *	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://www.zerodayinitiative.com/advisories/ZDI-16-174
http://www.zerodayinitiative.com/advisories/ZDI-16-176
http://www.zerodayinitiative.com/advisories/ZDI-16-175
http://www.zerodayinitiative.com/advisories/ZDI-16-173
http://www.securityfocus.com/bid/83307