CVE-2016-2536

moderate-risk
Published 2016-02-22

Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp.

Do I need to act?

-
0.63% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (2)

Sketchup

Affected Vendors

Sap Google

References (10)

http://www.securityfocus.com/bid/83307
http://www.zerodayinitiative.com/advisories/ZDI-16-173
http://www.zerodayinitiative.com/advisories/ZDI-16-174
http://www.zerodayinitiative.com/advisories/ZDI-16-175
http://www.zerodayinitiative.com/advisories/ZDI-16-176
http://www.securityfocus.com/bid/83307
http://www.zerodayinitiative.com/advisories/ZDI-16-173
http://www.zerodayinitiative.com/advisories/ZDI-16-174
http://www.zerodayinitiative.com/advisories/ZDI-16-175
http://www.zerodayinitiative.com/advisories/ZDI-16-176
39
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 2/34 · Minimal
Exposure 7/34 · Low