Symantec Endpoint Protection Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1036198
SecurityTracker URL: http://securitytracker.com/id/1036198
CVE-2016-2207, CVE-2016-2209, CVE-2016-2210, CVE-2016-2211, CVE-2016-3644, CVE-2016-3645, CVE-2016-3646
Date: Jun 29 2016
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 12.1.6 MP4 and prior
Multiple vulnerabilities were reported in Symantec Endpoint Protection and other Symantec products. A remote user can execute arbitrary code on the target system.
A remote user can create a specially crafted file that, when processed by the target Symantec Decomposer engine, will trigger an integer overflow, memory access error, or memory corruption error and execute arbitrary code on the target system.
RAR file decompression is affected [CVE-2016-2207].
The Dec2SS component is affected [CVE-2016-2209].
The Dec2LHA component is affected [CVE-2016-2210].
CAB decompression is affected [CVE-2016-2211].
MIME processing is affected [CVE-2016-3644].
TNEF processing is affected [CVE-2016-3645].
ZIP decompression is affected [CVE-2016-3646].
Multiple Symantec enterprise products are affected:
Advanced Threat Protection
Symantec Data Center Server
Symantec Critical System Protection
Symantec Embedded Systems Critical System Protection
Symantec Web Security .Cloud
Email Security Server .Cloud
Symantec Web Gateway
Symantec Endpoint Protection
Symantec Endpoint Protection for Mac
Symantec Endpoint Protection for Linux
Symantec Protection Engine
Symantec Protection for SharePoint Servers
Symantec Mail Security for Microsoft Exchange
Symantec Mail Security for Domino
Symantec Message Gateway
Symantec Message Gateway for Service Providers
Tavis Ormandy with Google's Project Zero reported these vulnerabilities.
A remote user can create a file that, when processed by the target application, will execute arbitrary code on the target system.
The vendor has issued a fix (12.1 RU6 MP5).
The vendor's advisory is available at:
Vendor URL: www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00
Cause: Access control error, Boundary error
Underlying OS: Windows (Any)