Details of VAR-201603-0146

ID

VAR-201603-0146

CVE

CVE-2016-1736

TITLE

Apple OS X of Bluetooth Vulnerable to arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2016-001883

DESCRIPTION

Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.11 through 10.11.3 are vulnerable. Bluetooth is one of the Bluetooth components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following: apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. This issue was addressed through improved input validation. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI) HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762 Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. These were addressed by updating LibreSSL to version 2.1.8. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195 Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551 Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab Tcl Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng. This issue was addressed through improved input validation. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171 OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2016-1736 // JVNDB: JVNDB-2016-001883 // BID: 85056 // VULHUB: VHN-90555 // PACKETSTORM: 136346

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 to 10.11.3	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.3	Trust: 0.6

sources: JVNDB: JVNDB-2016-001883 // CNNVD: CNNVD-201603-331 // NVD: CVE-2016-1736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1736
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1736
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201603-331
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-90555
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1736
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90555
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1736
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90555 // JVNDB: JVNDB-2016-001883 // CNNVD: CNNVD-201603-331 // NVD: CVE-2016-1736

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-90555 // JVNDB: JVNDB-2016-001883 // NVD: CVE-2016-1736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-331

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201603-331

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001883

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	Trust: 0.8
title:	HT206167	url:	https://support.apple.com/en-us/HT206167	Trust: 0.8
title:	HT206167	url:	https://support.apple.com/ja-jp/HT206167	Trust: 0.8
title:	Apple OS X Bluetooth Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60657	Trust: 0.6

sources: JVNDB: JVNDB-2016-001883 // CNNVD: CNNVD-201603-331

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1736	Trust: 2.9
db:	SECTRACK	id:	1035363	Trust: 1.1
db:	JVN	id:	JVNVU97668313	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001883	Trust: 0.8
db:	CNNVD	id:	CNNVD-201603-331	Trust: 0.7
db:	SECUNIA	id:	63459	Trust: 0.6
db:	ZDI	id:	ZDI-16-206	Trust: 0.3
db:	ZDI	id:	ZDI-16-205	Trust: 0.3
db:	ZDI	id:	ZDI-16-202	Trust: 0.3
db:	BID	id:	85056	Trust: 0.3
db:	VULHUB	id:	VHN-90555	Trust: 0.1
db:	PACKETSTORM	id:	136346	Trust: 0.1

sources: VULHUB: VHN-90555 // BID: 85056 // JVNDB: JVNDB-2016-001883 // PACKETSTORM: 136346 // CNNVD: CNNVD-201603-331 // NVD: CVE-2016-1736

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html	Trust: 1.7
url:	https://support.apple.com/ht206167	Trust: 1.1
url:	http://www.securitytracker.com/id/1035363	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1736	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97668313/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1736	Trust: 0.8
url:	https://support.apple.com/en-us/ht206167	Trust: 0.6
url:	http://secunia.com/advisories/63459	Trust: 0.6
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-202	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-205	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-206	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7551	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0777	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8659	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8035	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8472	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1819	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3195	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7499	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0801	Trust: 0.1
url:	http://www.apple.com/support/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8242	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8126	Trust: 0.1
url:	https://support.apple.com/kb/ht206171	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1732	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5312	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7942	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7500	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9495	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1734	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1740	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5334	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1733	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1736	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1735	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0778	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5333	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0802	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1738	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1737	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0973	Trust: 0.1

sources: VULHUB: VHN-90555 // BID: 85056 // JVNDB: JVNDB-2016-001883 // PACKETSTORM: 136346 // CNNVD: CNNVD-201603-331 // NVD: CVE-2016-1736

CREDITS

Proteas of Qihoo 360 Nirvan Team, Andrea Barisani and Andrej Rosano of Inverse Path, beist and ABH of BoB, Jeonghoon Shin@A.D.D, HappilyCoded, Ian Beer of Google Project Zero, sweetchip of Grayhash, Piotr Bania of Cisco Talos, Peter Pi, Juwei Lin , Matthe

Trust: 0.3

sources: BID: 85056

SOURCES

db:	VULHUB	id:	VHN-90555
db:	BID	id:	85056
db:	JVNDB	id:	JVNDB-2016-001883
db:	PACKETSTORM	id:	136346
db:	CNNVD	id:	CNNVD-201603-331
db:	NVD	id:	CVE-2016-1736

LAST UPDATE DATE

2025-04-13T21:37:04.291000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90555	date:	2016-12-03T00:00:00
db:	BID	id:	85056	date:	2016-07-05T21:57:00
db:	JVNDB	id:	JVNDB-2016-001883	date:	2016-03-28T00:00:00
db:	CNNVD	id:	CNNVD-201603-331	date:	2016-03-24T00:00:00
db:	NVD	id:	CVE-2016-1736	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90555	date:	2016-03-24T00:00:00
db:	BID	id:	85056	date:	2016-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-001883	date:	2016-03-28T00:00:00
db:	PACKETSTORM	id:	136346	date:	2016-03-22T15:18:02
db:	CNNVD	id:	CNNVD-201603-331	date:	2016-03-23T00:00:00
db:	NVD	id:	CVE-2016-1736	date:	2016-03-24T01:59:08.980