CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-10402

Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 81.1%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 9.3

References

http://www.securityfocus.com/bid/84841
https://bugs.chromium.org/p/project-zero/issues/detail?id=765
http://www.securityfocus.com/bid/84841
https://bugs.chromium.org/p/project-zero/issues/detail?id=765

Products affected by CVE-2016-10402

Avira » Antivirus » Version: 1.0.2303.633

cpe:2.3:a:avira:antivirus:1.0.2303.633
Avira » Antivirus » Version: 5.0.2003.1821

cpe:2.3:a:avira:antivirus:5.0.2003.1821
Avira » Antivirus » Version: 8.3.36.59

cpe:2.3:a:avira:antivirus:8.3.36.59

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-10402

Products

Pricing

Contact Us