SB2016061403 - Remote code execution in Adobe DNG SDK
Published: June 15, 2016 Updated: July 1, 2016
Security Bulletin ID
SB2016061403
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory corruption (CVE-ID: CVE-2016-4167)
The vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to unspecified error in Adobe DNG SDK. A remote unauthenticated attacker can cause memory corruption via unspecified vectors.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.