VYPR
Critical severity9.8NVD Advisory· Published Jan 6, 2017· Updated Jun 17, 2026

CVE-2016-2336

CVE-2016-2336

Description

Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Ruby Lang/Ruby3 versions
    cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*
    • (no CPE)range: 2.3.0 dev

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.