Memory corruption - CVE-2016-5308

Published: July 11, 2016 / Updated: November 22, 2018


Vulnerability identifier: #VU109
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-5308
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a remote attacker to cause the target system to crash.

The vulnerability exists due to a memory corruption error when processing PE files. A remote unauthenticated attacker can cause the target system to crash by creating a specially crafted Portable Executable (PE) file which, once downloaded, must be manipulated on the targeted system's hard drive to interact with the vulnerable CIDS engine.

Successful exploitation of this vulnerability may result in denial of service.

How to mitigate CVE-2016-5308

The vendor has issued a fix (CIDS 15.1.2), available via LiveUpdate.
