CVE-2016-4499

low-risk

Published 2016-05-12

Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.2/10 Medium

LOCAL / HIGH complexity

Affected Products (1)

Fpwin Pro

Affected Vendors

Panasonic

References (8)

http://www.securityfocus.com/bid/90522

http://zerodayinitiative.com/advisories/ZDI-16-330/

http://zerodayinitiative.com/advisories/ZDI-16-331/

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01

http://www.securityfocus.com/bid/90522

http://zerodayinitiative.com/advisories/ZDI-16-330/

http://zerodayinitiative.com/advisories/ZDI-16-331/

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01

/ 100

low-risk

Severity 11/34 · Low

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal