CVE-2016-5309

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.

Published : 2017-04-14 18:59 Updated : 2017-04-25 18:58

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Symantec Protection Engine 7.5.2 cpe:/a:symantec:protection_engine:7.5.2
Symantec Messaging Gateway 10.6.1 cpe:/a:symantec:messaging_gateway:10.6.1
Symantec Protection Engine 7.5.1 cpe:/a:symantec:protection_engine:7.5.1
Symantec Endpoint Protection For Small Business 12.1 cpe:/a:symantec:endpoint_protection_for_small_business:12.1
Symantec Endpoint Protection Cloud - cpe:/a:symantec:endpoint_protection_cloud:-::~~~mac~~
Symantec Protection Engine 7.5.4 cpe:/a:symantec:protection_engine:7.5.4
Symantec Advanced Threat Protection - cpe:/a:symantec:advanced_threat_protection:-
Symantec Protection Engine 7.5.3 cpe:/a:symantec:protection_engine:7.5.3
Symantec Protection Engine 7.8.0 cpe:/a:symantec:protection_engine:7.8.0
Symantec Protection Engine 7.5.5 cpe:/a:symantec:protection_engine:7.5.5
Symantec Mail Security For Microsoft Exchange 7.5 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.5
Symantec Messaging Gateway For Service Providers 10.5 cpe:/a:symantec:messaging_gateway_for_service_providers:10.5
Symantec Messaging Gateway For Service Providers 10.6 cpe:/a:symantec:messaging_gateway_for_service_providers:10.6
Symantec Web Security.cloud - cpe:/a:symantec:web_security.cloud:-
Symantec Endpoint Protection 12.1.6 cpe:/a:symantec:endpoint_protection:12.1.6::~~~linux~~
Symantec Mail Security For Microsoft Exchange 6.5.8 cpe:/a:symantec:mail_security_for_microsoft_exchange:6.5.8
Symantec Endpoint Protection 12.1.6 cpe:/a:symantec:endpoint_protection:12.1.6::~~~windows~~
Symantec Mail Security For Microsoft Exchange 7.0.3 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.0.3
Symantec Mail Security For Microsoft Exchange 7.0.4 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.0.4
Symantec Mail Security For Microsoft Exchange 7.5.1 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.5.1
Symantec Endpoint Protection 12.1.4 cpe:/a:symantec:endpoint_protection:12.1.4::~~~mac~~
Symantec Mail Security For Microsoft Exchange 7.0.1 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.0.1
Symantec Mail Security For Microsoft Exchange 7.0.2 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.0.2
Symantec Mail Security For Microsoft Exchange 7.5.2 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.5.2
Symantec Mail Security For Microsoft Exchange 7.5.3 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.5.3
Symantec Mail Security For Microsoft Exchange 7.5.4 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.5.4
Symantec Mail Security For Microsoft Exchange 7.0 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.0
Symantec Mail Security For Domino 8.0.9 cpe:/a:symantec:mail_security_for_domino:8.0.9
Symantec Protection For Sharepoint Servers 6.0.4 cpe:/a:symantec:protection_for_sharepoint_servers:6.0.4
Symantec Csapi 10.0.4 cpe:/a:symantec:csapi:10.0.4
Symantec Email Security.cloud - cpe:/a:symantec:email_security.cloud:-
Symantec Protection For Sharepoint Servers 6.0.3 cpe:/a:symantec:protection_for_sharepoint_servers:6.0.3
Symantec Mail Security For Domino 8.1.3 cpe:/a:symantec:mail_security_for_domino:8.1.3
Symantec Mail Security For Domino 8.1.2 cpe:/a:symantec:mail_security_for_domino:8.1.2
Symantec Endpoint Protection Cloud - cpe:/a:symantec:endpoint_protection_cloud:-::~~~windows~~
Symantec Protection For Sharepoint Servers 6.0.6 cpe:/a:symantec:protection_for_sharepoint_servers:6.0.6
Symantec Web Gateway - cpe:/a:symantec:web_gateway:-
Symantec Protection For Sharepoint Servers 6.0.5 cpe:/a:symantec:protection_for_sharepoint_servers:6.0.5
Symantec Protection Engine 7.0.5 cpe:/a:symantec:protection_engine:7.0.5
Symantec Protection Engine 7.5.0 cpe:/a:symantec:protection_engine:7.5.0
Symantec Protection For Sharepoint Servers 6.0.7 cpe:/a:symantec:protection_for_sharepoint_servers:6.0.7
Symantec Endpoint Protection For Small Business - cpe:/a:symantec:endpoint_protection_for_small_business:-::~~enterprise~~~
Symantec Data Center Security Server - cpe:/a:symantec:data_center_security_server:-
  1. Symantec (15) Search CVE
    1. Mail Security For Microsoft Exchange (11) Search CVE
      1. 7.5
      2. 6.5.8
      3. 7.0.3
      4. 7.0.4
      5. 7.5.1
      6. 7.0.1
      7. 7.0.2
      8. 7.5.2
      9. 7.5.3
      10. 7.5.4
      11. 7.0
    2. Email Security.cloud (1) Search CVE
      1. -
    3. Endpoint Protection For Small Business (2) Search CVE
      1. 12.1
      2. -
    4. Endpoint Protection Cloud (1) Search CVE
      1. -
    5. Web Security.cloud (1) Search CVE
      1. -
    6. Protection For Sharepoint Servers (5) Search CVE
      1. 6.0.4
      2. 6.0.3
      3. 6.0.6
      4. 6.0.5
      5. 6.0.7
    7. Web Gateway (1) Search CVE
      1. -
    8. Csapi (1) Search CVE
      1. 10.0.4
    9. Messaging Gateway For Service Providers (2) Search CVE
      1. 10.5
      2. 10.6
    10. Data Center Security Server (1) Search CVE
      1. -
    11. Messaging Gateway (1) Search CVE
      1. 10.6.1
    12. Endpoint Protection (2) Search CVE
      1. 12.1.6
      2. 12.1.4
    13. Mail Security For Domino (3) Search CVE
      1. 8.0.9
      2. 8.1.3
      3. 8.1.2
    14. Protection Engine (8) Search CVE
      1. 7.5.2
      2. 7.5.1
      3. 7.5.4
      4. 7.5.3
      5. 7.8.0
      6. 7.5.5
      7. 7.0.5
      8. 7.5.0
    15. Advanced Threat Protection (1) Search CVE
      1. -

CWE

ID Name Description Links
CWE-125 Out-of-bounds Read The software reads data past the end, or before the beginning, of the intended buffer. CVE

History of changes

Date Event
2017-04-14 18:59

New CVE