CVE-2016-5310

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.

Published : 2017-04-14 18:59 Updated : 2017-04-25 18:59

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Symantec Protection Engine 7.5.2 cpe:/a:symantec:protection_engine:7.5.2
Symantec Messaging Gateway 10.6.1 cpe:/a:symantec:messaging_gateway:10.6.1
Symantec Protection Engine 7.5.1 cpe:/a:symantec:protection_engine:7.5.1
Symantec Endpoint Protection For Small Business 12.1 cpe:/a:symantec:endpoint_protection_for_small_business:12.1
Symantec Endpoint Protection Cloud - cpe:/a:symantec:endpoint_protection_cloud:-::~~~mac~~
Symantec Protection Engine 7.5.4 cpe:/a:symantec:protection_engine:7.5.4
Symantec Advanced Threat Protection - cpe:/a:symantec:advanced_threat_protection:-
Symantec Protection Engine 7.5.3 cpe:/a:symantec:protection_engine:7.5.3
Symantec Protection Engine 7.8.0 cpe:/a:symantec:protection_engine:7.8.0
Symantec Protection Engine 7.5.5 cpe:/a:symantec:protection_engine:7.5.5
Symantec Mail Security For Microsoft Exchange 7.5 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.5
Symantec Messaging Gateway For Service Providers 10.5 cpe:/a:symantec:messaging_gateway_for_service_providers:10.5
Symantec Messaging Gateway For Service Providers 10.6 cpe:/a:symantec:messaging_gateway_for_service_providers:10.6
Symantec Web Security.cloud - cpe:/a:symantec:web_security.cloud:-
Symantec Endpoint Protection 12.1.6 cpe:/a:symantec:endpoint_protection:12.1.6::~~~linux~~
Symantec Mail Security For Microsoft Exchange 6.5.8 cpe:/a:symantec:mail_security_for_microsoft_exchange:6.5.8
Symantec Endpoint Protection 12.1.6 cpe:/a:symantec:endpoint_protection:12.1.6::~~~windows~~
Symantec Mail Security For Microsoft Exchange 7.0.3 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.0.3
Symantec Mail Security For Microsoft Exchange 7.0.4 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.0.4
Symantec Mail Security For Microsoft Exchange 7.5.1 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.5.1
Symantec Endpoint Protection 12.1.4 cpe:/a:symantec:endpoint_protection:12.1.4::~~~mac~~
Symantec Mail Security For Microsoft Exchange 7.0.1 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.0.1
Symantec Mail Security For Microsoft Exchange 7.0.2 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.0.2
Symantec Mail Security For Microsoft Exchange 7.5.2 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.5.2
Symantec Mail Security For Microsoft Exchange 7.5.3 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.5.3
Symantec Mail Security For Microsoft Exchange 7.5.4 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.5.4
Symantec Mail Security For Microsoft Exchange 7.0 cpe:/a:symantec:mail_security_for_microsoft_exchange:7.0
Symantec Mail Security For Domino 8.0.9 cpe:/a:symantec:mail_security_for_domino:8.0.9
Symantec Protection For Sharepoint Servers 6.0.4 cpe:/a:symantec:protection_for_sharepoint_servers:6.0.4
Symantec Csapi 10.0.4 cpe:/a:symantec:csapi:10.0.4
Symantec Email Security.cloud - cpe:/a:symantec:email_security.cloud:-
Symantec Protection For Sharepoint Servers 6.0.3 cpe:/a:symantec:protection_for_sharepoint_servers:6.0.3
Symantec Mail Security For Domino 8.1.3 cpe:/a:symantec:mail_security_for_domino:8.1.3
Symantec Mail Security For Domino 8.1.2 cpe:/a:symantec:mail_security_for_domino:8.1.2
Symantec Endpoint Protection Cloud - cpe:/a:symantec:endpoint_protection_cloud:-::~~~windows~~
Symantec Protection For Sharepoint Servers 6.0.6 cpe:/a:symantec:protection_for_sharepoint_servers:6.0.6
Symantec Web Gateway - cpe:/a:symantec:web_gateway:-
Symantec Protection For Sharepoint Servers 6.0.5 cpe:/a:symantec:protection_for_sharepoint_servers:6.0.5
Symantec Protection Engine 7.0.5 cpe:/a:symantec:protection_engine:7.0.5
Symantec Protection Engine 7.5.0 cpe:/a:symantec:protection_engine:7.5.0
Symantec Protection For Sharepoint Servers 6.0.7 cpe:/a:symantec:protection_for_sharepoint_servers:6.0.7
Symantec Endpoint Protection For Small Business - cpe:/a:symantec:endpoint_protection_for_small_business:-::~~enterprise~~~
Symantec Data Center Security Server - cpe:/a:symantec:data_center_security_server:-
  1. Symantec (15) Search CVE
    1. Protection Engine (8) Search CVE
      1. 7.5.2
      2. 7.5.1
      3. 7.5.4
      4. 7.5.3
      5. 7.8.0
      6. 7.5.5
      7. 7.0.5
      8. 7.5.0
    2. Csapi (1) Search CVE
      1. 10.0.4
    3. Data Center Security Server (1) Search CVE
      1. -
    4. Mail Security For Domino (3) Search CVE
      1. 8.0.9
      2. 8.1.3
      3. 8.1.2
    5. Endpoint Protection For Small Business (2) Search CVE
      1. 12.1
      2. -
    6. Advanced Threat Protection (1) Search CVE
      1. -
    7. Protection For Sharepoint Servers (5) Search CVE
      1. 6.0.4
      2. 6.0.3
      3. 6.0.6
      4. 6.0.5
      5. 6.0.7
    8. Mail Security For Microsoft Exchange (11) Search CVE
      1. 7.5
      2. 6.5.8
      3. 7.0.3
      4. 7.0.4
      5. 7.5.1
      6. 7.0.1
      7. 7.0.2
      8. 7.5.2
      9. 7.5.3
      10. 7.5.4
      11. 7.0
    9. Messaging Gateway For Service Providers (2) Search CVE
      1. 10.5
      2. 10.6
    10. Messaging Gateway (1) Search CVE
      1. 10.6.1
    11. Web Security.cloud (1) Search CVE
      1. -
    12. Web Gateway (1) Search CVE
      1. -
    13. Endpoint Protection (2) Search CVE
      1. 12.1.6
      2. 12.1.4
    14. Endpoint Protection Cloud (1) Search CVE
      1. -
    15. Email Security.cloud (1) Search CVE
      1. -

CWE

ID Name Description Links
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. CVE

History of changes

Date Event
2017-04-14 18:59

New CVE