SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Security)  >   Symantec Endpoint Protection
Vendors:   Symantec
Symantec Endpoint Protection Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1036198
SecurityTracker URL:  http://securitytracker.com/id/1036198
CVE Reference:   CVE-2016-2207, CVE-2016-2209, CVE-2016-2210, CVE-2016-2211, CVE-2016-3644, CVE-2016-3645, CVE-2016-3646
Date:  Jun 29 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 12.1.6 MP4 and prior
Description:   Multiple vulnerabilities were reported in Symantec Endpoint Protection and other Symantec products. A remote user can execute arbitrary code on the target system.

A remote user can create a specially crafted file that, when processed by the target Symantec Decomposer engine, will trigger an integer overflow, memory access error, or memory corruption error and execute arbitrary code on the target system.

RAR file decompression is affected [CVE-2016-2207].

The Dec2SS component is affected [CVE-2016-2209].

The Dec2LHA component is affected [CVE-2016-2210].

CAB decompression is affected [CVE-2016-2211].

MIME processing is affected [CVE-2016-3644].

TNEF processing is affected [CVE-2016-3645].

ZIP decompression is affected [CVE-2016-3646].

Multiple Symantec enterprise products are affected:

Advanced Threat Protection
Symantec Data Center Server
Symantec Critical System Protection
Symantec Embedded Systems Critical System Protection
Symantec Web Security .Cloud
Email Security Server .Cloud
Symantec Web Gateway
Symantec Endpoint Protection
Symantec Endpoint Protection for Mac
Symantec Endpoint Protection for Linux
Symantec Protection Engine
Symantec Protection for SharePoint Servers
Symantec Mail Security for Microsoft Exchange
Symantec Mail Security for Domino
CSAPI
Symantec Message Gateway
Symantec Message Gateway for Service Providers

Tavis Ormandy with Google's Project Zero reported these vulnerabilities.

Impact:   A remote user can create a file that, when processed by the target application, will execute arbitrary code on the target system.
Solution:   The vendor has issued a fix (12.1 RU6 MP5).

The vendor's advisory is available at:

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00

Vendor URL:  www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00
Cause:   Access control error, Boundary error
Underlying OS:  Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 30 2016 (Symantec Issues Fix for Symantec Critical System Protection) Symantec Endpoint Protection Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code
Symantec has issued a fix for Symantec Critical System Protection.
Jun 30 2016 (Symantec Issues Fix for Symantec Web Gateway) Symantec Endpoint Protection Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code
Symantec has issued a fix for Symantec Web Gateway.
Jun 30 2016 (Symantec Issues Fix for Symantec Endpoint Protection for Mac and for Linux) Symantec Endpoint Protection Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code
Symantec has issued a fix for Symantec Endpoint Protection for Mac and for Linux.
Jun 30 2016 (Symantec Issues Fix for Symantec Mail Security for Microsoft Exchange and for Domino) Symantec Endpoint Protection Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code
Symantec has issued a fix for Symantec Mail Security for Microsoft Exchange and Symantec Mail Security for Domino.
Jun 30 2016 (Symantec Issues Fix for Symantec Message Gateway) Symantec Endpoint Protection Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code
Symantec has issued a fix for Symantec Message Gateway and Symantec Message Gateway for Service Providers.


