CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-2336

Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://www.talosintelligence.com/reports/TALOS-2016-0029/
http://www.talosintelligence.com/reports/TALOS-2016-0029/

Products affected by CVE-2016-2336

Ruby-Lang » Ruby » Version: 2.2.2

cpe:2.3:a:ruby-lang:ruby:2.2.2
Ruby-Lang » Ruby » Version: 2.3.0

cpe:2.3:a:ruby-lang:ruby:2.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-2336

Products

Pricing

Contact Us