Описание
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ruby2.3 | not-affected | package | ||
| ruby2.1 | not-affected | package |
Примечания
Vulnerable win32ole ruby extension not included in binary packages, specific to Windows
http://www.talosintelligence.com/reports/TALOS-2016-0029/
EPSS
Связанные уязвимости
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.
Уязвимость класса WIN32OLE методов ole_invoke и ole_query_interface интерпретатора Ruby, позволяющая нарушителю выполнить произвольный код
EPSS