CVE-2016-2207
Summary
| CVE | CVE-2016-2207 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-06-30 23:59:00 UTC |
| Updated | 2021-09-08 17:19:00 UTC |
| Description | The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted RAR file that is mishandled during decompression. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Macos | - | All | All | All |
| Operating System | Apple | Mac Os | - | All | All | All |
| Operating System | Apple | Mac Os | - | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Application | Symantec | Advanced Threat Protection | All | All | All | All |
| Application | Symantec | Csapi | All | All | All | All |
| Application | Symantec | Data Center Security Server | 6.0 | All | All | All |
| Application | Symantec | Data Center Security Server | 6.0 | mp1 | All | All |
| Application | Symantec | Data Center Security Server | 6.5 | All | All | All |
| Application | Symantec | Data Center Security Server | 6.5 | mp1 | All | All |
| Application | Symantec | Data Center Security Server | 6.6 | All | All | All |
| Application | Symantec | Data Center Security Server | 6.6 | mp1 | All | All |
| Application | Symantec | Data Center Security Server | 6.0 | All | All | All |
| Application | Symantec | Data Center Security Server | 6.0 | mp1 | All | All |
| Application | Symantec | Data Center Security Server | 6.5 | All | All | All |
| Application | Symantec | Data Center Security Server | 6.5 | mp1 | All | All |
| Application | Symantec | Data Center Security Server | 6.6 | All | All | All |
| Application | Symantec | Data Center Security Server | 6.6 | mp1 | All | All |
| Application | Symantec | Endpoint Protection | 12.1.6 | mp1 | All | All |
| Application | Symantec | Endpoint Protection | 12.1.6 | mp1a | All | All |
| Application | Symantec | Endpoint Protection | 12.1.6 | mp2 | All | All |
| Application | Symantec | Endpoint Protection | 12.1.6 | mp3 | All | All |
| Application | Symantec | Endpoint Protection | 12.1.6 | mp4 | All | All |
| Application | Symantec | Endpoint Protection | 12.1.6 | mp1 | All | All |
| Application | Symantec | Endpoint Protection | 12.1.6 | mp1a | All | All |
| Application | Symantec | Endpoint Protection | 12.1.6 | mp2 | All | All |
| Application | Symantec | Endpoint Protection | 12.1.6 | mp3 | All | All |
| Application | Symantec | Endpoint Protection | 12.1.6 | mp4 | All | All |
| Application | Symantec | Mail Security For Domino | All | All | All | All |
| Application | Symantec | Mail Security For Domino | All | All | All | All |
| Application | Symantec | Mail Security For Microsoft Exchange | 6.5.8 | All | All | All |
| Application | Symantec | Mail Security For Microsoft Exchange | 6.5.8 | All | All | All |
| Application | Symantec | Mail Security For Microsoft Exchange | All | All | All | All |
| Application | Symantec | Mail Security For Microsoft Exchange | All | All | All | All |
| Application | Symantec | Message Gateway | All | All | All | All |
| Application | Symantec | Message Gateway For Service Providers | 10.5 | All | All | All |
| Application | Symantec | Message Gateway For Service Providers | 10.6 | All | All | All |
| Application | Symantec | Message Gateway For Service Providers | 10.5 | All | All | All |
| Application | Symantec | Message Gateway For Service Providers | 10.6 | All | All | All |
| Application | Symantec | Ngc | All | All | All | All |
| Application | Symantec | Norton 360 | All | All | All | All |
| Application | Symantec | Norton 360 | All | All | All | All |
| Application | Symantec | Norton Antivirus | All | All | All | All |
| Application | Symantec | Norton Antivirus | All | All | All | All |
| Application | Symantec | Norton Bootable Removal Tool | All | All | All | All |
| Application | Symantec | Norton Internet Security | All | All | All | All |
| Application | Symantec | Norton Internet Security | All | All | All | All |
| Application | Symantec | Norton Power Eraser | All | All | All | All |
| Application | Symantec | Norton Security | All | All | All | All |
| Application | Symantec | Norton Security | All | All | All | All |
| Application | Symantec | Norton Security | All | All | All | All |
| Application | Symantec | Norton Security With Backup | All | All | All | All |
| Application | Symantec | Norton Security With Backup | All | All | All | All |
| Application | Symantec | Protection Engine | 7.8.0 | All | All | All |
| Application | Symantec | Protection Engine | 7.8.0 | All | All | All |
| Application | Symantec | Protection Engine | All | All | All | All |
| Application | Symantec | Protection Engine | All | All | All | All |
| Application | Symantec | Protection For Sharepoint Servers | 6.03 | All | All | All |
| Application | Symantec | Protection For Sharepoint Servers | 6.04 | All | All | All |
| Application | Symantec | Protection For Sharepoint Servers | 6.05 | All | All | All |
| Application | Symantec | Protection For Sharepoint Servers | 6.06 | All | All | All |
| Application | Symantec | Protection For Sharepoint Servers | 6.03 | All | All | All |
| Application | Symantec | Protection For Sharepoint Servers | 6.04 | All | All | All |
| Application | Symantec | Protection For Sharepoint Servers | 6.05 | All | All | All |
| Application | Symantec | Protection For Sharepoint Servers | 6.06 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 91434 | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Symantec Endpoint Protection Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Norton Anti-Virus Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Symantec Antivirus - Multiple Remote Memory Corruption Unpacking RAR | EXPLOIT-DB | www.exploit-db.com | Third Party Advisory, VDB Entry |
| Security Advisories Relating to Symantec Products - Symantec Decomposer Engine Multiple Parsing Vulnerabilities - 2016-06-28T00:03:00 PDT | Symantec | CONFIRM | www.symantec.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.