SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Symantec Mail Security Vendors:   Symantec
(Symantec Issues Fix for Symantec Mail Security for Microsoft Exchange and for Domino) Symantec Endpoint Protection Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1036204
SecurityTracker URL:  http://securitytracker.com/id/1036204
CVE Reference:   CVE-2016-2207, CVE-2016-2209, CVE-2016-2210, CVE-2016-2211, CVE-2016-3644, CVE-2016-3645, CVE-2016-3646   (Links to External Site)
Date:  Jun 30 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): for Microsoft Exchange: 7.0.4 and prior, 7.5.4 and prior; for Domino 8.0.9 and prior, 8.1.3 and prior
Description:   Multiple vulnerabilities were reported in Symantec Endpoint Protection and other Symantec products. A remote user can execute arbitrary code on the target system. Symantec Mail Security for Microsoft Exchange and for Domino are affected.

A remote user can create a specially crafted file that, when processed by the target Symantec Decomposer engine, will trigger an integer overflow, memory access error, or memory corruption error and execute arbitrary code on the target system.

RAR file decompression is affected [CVE-2016-2207].

The Dec2SS component is affected [CVE-2016-2209].

The Dec2LHA component is affected [CVE-2016-2210].

CAB decompression is affected [CVE-2016-2211].

MIME processing is affected [CVE-2016-3644].

TNEF processing is affected [CVE-2016-3645].

ZIP decompression is affected [CVE-2016-3646].

Multiple Symantec enterprise products are affected:

Advanced Threat Protection
Symantec Data Center Server
Symantec Critical System Protection
Symantec Embedded Systems Critical System Protection
Symantec Web Security .Cloud
Email Security Server .Cloud
Symantec Web Gateway
Symantec Endpoint Protection
Symantec Endpoint Protection for Mac
Symantec Endpoint Protection for Linux
Symantec Protection Engine
Symantec Protection for SharePoint Servers
Symantec Mail Security for Microsoft Exchange
Symantec Mail Security for Domino
CSAPI
Symantec Message Gateway
Symantec Message Gateway for Service Providers

Tavis Ormandy with Google's Project Zero reported these vulnerabilities.

Impact:   A remote user can create a file that, when processed by the target application, will execute arbitrary code on the target system.
Solution:   Symantec has issued a fix for Symantec Mail Security for Microsoft Exchange (hotfix SMSMSE_7.0_3966002_HF1.1, hotfix SMSMSE_7.5_3966008_VHF1.2) and Symantec Mail Security for Domino (hotfix SMSDOM_8.0.9_HF1.1, hotfix SMSDOM_8.1.3_HF1.2).

The Symantec advisory is available at:

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00

Vendor URL:  www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 29 2016 Symantec Endpoint Protection Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC