CVE-2016-10395
HIGHFlexNet Publisher < 11.14.1.1 - Out-of-Bounds Memory Read via Named Pipe
Title source: llmDescription
In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.
References (6)
Core 6
Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://secuniaresearch.flexerasoftware.com/advisories/76368/
Various Sources x_refsource_confirm
https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager
Various Sources x_refsource_confirm
https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/
Various Sources x_refsource_confirm
https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/
Various Sources x_refsource_confirm
https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/
Various Sources x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01
Scores
CVSS v3
7.8
EPSS
0.0040
EPSS Percentile
32.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (2)
Flexera Software LLC/FlexNet Publisher
Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platfor
flexerasoftware/flexnet_publisher
< 11.14.1
Published
Jun 15, 2017
Tracked Since
Feb 18, 2026