CVE-2016-2210
Published on: 06/30/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:15 PM UTC
Certain versions of Mac Os from Apple contain the following vulnerability:
Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file.
- CVE-2016-2210 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.3 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
LOCAL | LOW | NONE | NONE | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | LOW | LOW | HIGH |
CVSS2 Score: 9 - HIGH
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | COMPLETE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Symantec Antivirus - Remote Stack Buffer Overflow in dec2lha Library | Third Party Advisory VDB Entry www.exploit-db.com Proof of Concept text/html |
![]() |
Symantec Endpoint Protection Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code - SecurityTracker | Third Party Advisory VDB Entry www.securitytracker.com text/html |
![]() |
Norton Anti-Virus Flaws in Symantec Decomposer Engine Let Remote Users Execute Arbitrary Code - SecurityTracker | Third Party Advisory VDB Entry www.securitytracker.com text/html |
![]() |
No Description Provided | Third Party Advisory VDB Entry cve.report (archive) text/html |
![]() |
Security Advisories Relating to Symantec Products - Symantec Decomposer Engine Multiple Parsing Vulnerabilities - 2016-06-28T00:03:00 PDT | Symantec | Vendor Advisory www.symantec.com text/html |
![]() |
Known Affected Configurations (CPE V2.3)
- cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:advanced_threat_protection:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:csapi:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:*:
- cpe:2.3:a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:*:
- cpe:2.3:a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:*:
- cpe:2.3:a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:*:
- cpe:2.3:a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:*:
- cpe:2.3:a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:*:
- cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*:
- cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*:
- cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*:
- cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*:
- cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*:
- cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*:
- cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*:
- cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*:
- cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*:
- cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*:
- cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:message_gateway:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:ngc:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:norton_bootable_removal_tool:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:norton_power_eraser:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:norton_security:*:*:*:*:*:macos:*:*:
- cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.03:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.04:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.05:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.06:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.03:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.04:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.05:*:*:*:*:*:*:*:
- cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.06:*:*:*:*:*:*:*: