All the vulnerabilites related to symantec - web_security.cloud
Vulnerability from fkie_nvd
Published
2017-04-14 18:59
Modified
2024-11-21 02:54
Severity ?
Summary
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:symantec_data_center_security_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A85D64F-2912-4B59-9CF0-5266F5A44DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:advanced_threat_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75EE5143-C90B-4E7F-BA5F-5B17995A8D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:csapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B105323B-438B-4506-9575-5D55AB837D53",
"versionEndIncluding": "10.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:email_security.cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E9CB569-FE96-4783-A84F-BEE055DDED1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:mac:*:*",
"matchCriteriaId": "D98041D2-B769-4E3F-A072-6A2047082F09",
"versionEndIncluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "1FE459CB-A040-4F02-8215-6B7BC4B9CEA9",
"versionEndIncluding": "12.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "CB7A2E78-E9C9-4B54-83BA-1D76B320A2BB",
"versionEndIncluding": "12.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud:-:*:*:*:*:mac:*:*",
"matchCriteriaId": "48B6AC19-877E-42C9-A0C7-17B6002E9542",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "D9D06586-95B0-40F6-AF01-ABF6CDF4C607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_for_small_business:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6720563F-0EE7-475E-968E-C5054CB0EEDE",
"versionEndIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_for_small_business:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "394A10F2-1147-4744-873B-5B0D38E371F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "748F255D-C57D-4483-A083-A8A904083535",
"versionEndIncluding": "8.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39AFBF7D-1101-4318-AC60-330329A82390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93C49CF4-0B0C-4208-A774-5CA4756DD2FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7702EB09-8678-4F9A-97E5-C8FAD7E88D07",
"versionEndIncluding": "6.5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27E28201-1358-44A9-9C62-25D7E8FEBEAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A066F69C-9CDF-40F6-A251-E746D6D6D6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3E4851-D48E-4865-B15A-48F8C5B01A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DD08A2-273B-4AE8-BD68-96407106DB89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C726BA76-DF5A-4F82-B861-C5468B8950E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0BE5FC3-6FCE-49A1-AD9B-D37098A63E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B36A5DF7-7FBD-48E2-A053-0FF65C1D97F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEFFE2C-BAA1-4879-8198-3FD8433117C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "263ED902-F90D-44D1-A19B-CD7C1C96C918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F0B5687-BB44-455A-99C9-5A1A31170783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A721B7B-6A30-4671-8ED7-FB10A51585ED",
"versionEndIncluding": "10.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway_for_service_providers:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E43B415E-7C78-4DE8-9075-30A17A026DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway_for_service_providers:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "02C60D4C-9A49-45EC-AC34-09B312B56D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C55CDA-FE49-4870-800B-BEDD0AD2128A",
"versionEndIncluding": "7.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10A30D31-6D0A-48B0-9D96-7FECE032F288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "139B24CF-61DE-4891-BCB8-E2199067FD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10F4C9B3-48EA-4E57-B7E9-1E51E7D87F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B74A56-84F4-47AA-99BE-91F147B56FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F235281-B0A6-4099-9E90-4EFDA3349E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5D00F417-0D5F-43CA-8F01-66615CC32E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580CEE93-D3FA-4D94-909B-DCBD18889E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE3368B-DB3A-4EA2-8A8F-C6B8E78FCD00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC77EBB-A8E6-4CA4-9CEE-03EFF8E57DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F79636A0-C052-4F7C-B968-38959FABBA2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9369C5EC-B72D-485C-A0C2-72A86F65192D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "67610E7A-D88F-40FD-9559-D020090FF000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D32D1F17-65A7-49F7-B2C7-4AF4F5B8E311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security.cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82F1B16C-252B-4390-8CC9-B4509A0F0F13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression."
},
{
"lang": "es",
"value": "El componente del analizador de archivos RAR en el motor AntiVirus Decomposer en Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Servidor; Symantec Endpoint Protection (SEP) para Windows en versiones anteriores a 12.1.6 MP5; Symantec Endpoint Protection (SEP) para Mac; Symantec Endpoint Protection (SEP) para Linux en versiones anteriores a 12.1.6 MP6; Symantec Endpoint Protection para peque\u00f1as empresas (SEP SBE / SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) para Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI en versiones anteriores a 10.0.4 HF02; Symantec Protection Engine (SPE) en versiones anteriores a 7.0.5 HF02, 7.5.x en versiones anteriores a 7.5.4 HF02, 7.5.5 en versiones anteriores a 7.5.5 HF01 y 7.8.x en versiones anteriores a 7.8.0 HF03; Symantec Mail Security para Domino (SMSDOM) en versiones anteriores a 8.0.9 HF2.1, 8.1.x en versiones anteriores a 8.1.2 HF2.3 y 8.1.3 en versiones anteriores a 8.1.3 HF2.2; Symantec Mail Security para Microsoft Exchange (SMSMSE) en versiones anteriores a 6.5.8_3968140 HF2.3, 7.x en versiones anteriores a 7.0_3966002 HF2.1 y 7.5.x en versiones anteriores a 7.5_3966008 VHF2.2; Servidores de Symantec Protection para SharePoint (SPSS) antes de la actualizaci\u00f3n SPSS_6.0.3_To_6.0.5_HF_2.5, 6.0.6 en versiones anteriores a 6.0.6 HF_2.6 y 6.0.7 en versiones anteriores a 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) en versiones antriores a 10.6.2; Symantec Messaging Gateway para proveedores de servicios (SMG-SP) en versiones anteriores a 10.5 parche 260 y 10.6 en versiones anteriores al parche 259; Symantec Web Gateway; y Symantec Web Security.Cloud permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un archivo RAR dise\u00f1ado que se maneja mal durante la descompresi\u00f3n."
}
],
"id": "CVE-2016-5310",
"lastModified": "2024-11-21T02:54:04.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-14T18:59:00.563",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92866"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036847"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036848"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036849"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036850"
},
{
"source": "secure@symantec.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
},
{
"source": "secure@symantec.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40405/"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40405/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-14 18:59
Modified
2024-11-21 02:54
Severity ?
Summary
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:symantec_data_center_security_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A85D64F-2912-4B59-9CF0-5266F5A44DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:advanced_threat_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75EE5143-C90B-4E7F-BA5F-5B17995A8D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:csapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B105323B-438B-4506-9575-5D55AB837D53",
"versionEndIncluding": "10.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:email_security.cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E9CB569-FE96-4783-A84F-BEE055DDED1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:mac:*:*",
"matchCriteriaId": "D98041D2-B769-4E3F-A072-6A2047082F09",
"versionEndIncluding": "12.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "1FE459CB-A040-4F02-8215-6B7BC4B9CEA9",
"versionEndIncluding": "12.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "CB7A2E78-E9C9-4B54-83BA-1D76B320A2BB",
"versionEndIncluding": "12.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud:-:*:*:*:*:mac:*:*",
"matchCriteriaId": "48B6AC19-877E-42C9-A0C7-17B6002E9542",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "D9D06586-95B0-40F6-AF01-ABF6CDF4C607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_for_small_business:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6720563F-0EE7-475E-968E-C5054CB0EEDE",
"versionEndIncluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_for_small_business:-:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "394A10F2-1147-4744-873B-5B0D38E371F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "748F255D-C57D-4483-A083-A8A904083535",
"versionEndIncluding": "8.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39AFBF7D-1101-4318-AC60-330329A82390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93C49CF4-0B0C-4208-A774-5CA4756DD2FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7702EB09-8678-4F9A-97E5-C8FAD7E88D07",
"versionEndIncluding": "6.5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27E28201-1358-44A9-9C62-25D7E8FEBEAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A066F69C-9CDF-40F6-A251-E746D6D6D6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3E4851-D48E-4865-B15A-48F8C5B01A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DD08A2-273B-4AE8-BD68-96407106DB89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C726BA76-DF5A-4F82-B861-C5468B8950E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0BE5FC3-6FCE-49A1-AD9B-D37098A63E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B36A5DF7-7FBD-48E2-A053-0FF65C1D97F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEFFE2C-BAA1-4879-8198-3FD8433117C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "263ED902-F90D-44D1-A19B-CD7C1C96C918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F0B5687-BB44-455A-99C9-5A1A31170783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A721B7B-6A30-4671-8ED7-FB10A51585ED",
"versionEndIncluding": "10.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway_for_service_providers:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E43B415E-7C78-4DE8-9075-30A17A026DA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:messaging_gateway_for_service_providers:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "02C60D4C-9A49-45EC-AC34-09B312B56D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C55CDA-FE49-4870-800B-BEDD0AD2128A",
"versionEndIncluding": "7.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10A30D31-6D0A-48B0-9D96-7FECE032F288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "139B24CF-61DE-4891-BCB8-E2199067FD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10F4C9B3-48EA-4E57-B7E9-1E51E7D87F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B74A56-84F4-47AA-99BE-91F147B56FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F235281-B0A6-4099-9E90-4EFDA3349E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5D00F417-0D5F-43CA-8F01-66615CC32E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580CEE93-D3FA-4D94-909B-DCBD18889E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE3368B-DB3A-4EA2-8A8F-C6B8E78FCD00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC77EBB-A8E6-4CA4-9CEE-03EFF8E57DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F79636A0-C052-4F7C-B968-38959FABBA2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9369C5EC-B72D-485C-A0C2-72A86F65192D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "67610E7A-D88F-40FD-9559-D020090FF000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D32D1F17-65A7-49F7-B2C7-4AF4F5B8E311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security.cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82F1B16C-252B-4390-8CC9-B4509A0F0F13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression."
},
{
"lang": "es",
"value": "El componente del analizador de archivos RAR en el AntiVirus Decomposer engine en Symantec Advanced Threat Protection: Network (ATP) : Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Servidor; Symantec Endpoint Protection (SEP) para Windows en versiones anteriores a 12.1.6 MP5; Symantec Endpoint Protection (SEP) para Mac; Symantec Endpoint Protection (SEP) en versiones anteriores a Linux en versiones anteriores a 12.1.6 MP6; Symantec Endpoint Protection para SMALL Business Entreprise (SEP SBE / SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) para Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI en versiones anteriores a 10.0.4 HF02; Symantec Protection Engine (SPE) en versiones anteriores a 7.0.5 HF02, 7.5.x en versiones anteriores a 7.5.4 HF02, 7.5.5 en versiones anteriores a 7.5.5 HF01 y 7.8.x en versiones anteriores a 7.8.0 HF03; Symantec Mail Security para Domino (SMSDOM) en versiones anteriores a 8.0.9 HF2.1, 8.1.x en versiones anteriores a 8.1.2 HF2.3 y 8.1.3 en versiones anteriores a 8.1.3 HF2.2; Symantec Mail Security para Microsoft Exchange (SMSMSE) en versiones anteriores a 6.5.8_3968140 HF2.3, 7.x en versiones anteriores a 7.0_3966002 HF2.1 y 7.5.x en versiones anteriores a 7.5_3966008 VHF2.2; Servidores de Symantec Protection para SharePoint (SPSS) antes de la actualizaci\u00f3n SPSS_6.0.3_To_6.0.5_HF_2.5, 6.0.6 en versiones anteriores a 6.0.6 HF_2.6 y 6.0.7 en versiones anteriores a 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) en versiones anteriores a 10.6.2; Symantec Messaging Gateway para proveedores de servicios (SMG-SP) en versiones anteriores a 10.5 parche 260 y en versiones anteriores a10.6 parche 259; Symantec Web Gateway; y Symantec Web Security.Cloud permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un archivo RAR manipulado que se maneja incorrectamente durante la descompresi\u00f3n."
}
],
"id": "CVE-2016-5309",
"lastModified": "2024-11-21T02:54:04.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-14T18:59:00.500",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92868"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036847"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036848"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036849"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036850"
},
{
"source": "secure@symantec.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
},
{
"source": "secure@symantec.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40405/"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40405/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2016-5310
Vulnerability from cvelistv5
Published
2017-04-14 18:00
Modified
2024-08-06 01:00
Severity ?
EPSS score ?
Summary
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036848 | vdb-entry, x_refsource_SECTRACK | |
| https://www.exploit-db.com/exploits/40405/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/92866 | vdb-entry, x_refsource_BID | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=867 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1036849 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036847 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036850 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:59.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
},
{
"name": "1036848",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036848"
},
{
"name": "40405",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40405/"
},
{
"name": "92866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92866"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
},
{
"name": "1036849",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036849"
},
{
"name": "1036847",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036847"
},
{
"name": "1036850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-14T16:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
},
{
"name": "1036848",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036848"
},
{
"name": "40405",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40405/"
},
{
"name": "92866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92866"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
},
{
"name": "1036849",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036849"
},
{
"name": "1036847",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036847"
},
{
"name": "1036850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-5310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
},
{
"name": "1036848",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036848"
},
{
"name": "40405",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40405/"
},
{
"name": "92866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92866"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
},
{
"name": "1036849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036849"
},
{
"name": "1036847",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036847"
},
{
"name": "1036850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-5310",
"datePublished": "2017-04-14T18:00:00",
"dateReserved": "2016-06-06T00:00:00",
"dateUpdated": "2024-08-06T01:00:59.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5309
Vulnerability from cvelistv5
Published
2017-04-14 18:00
Modified
2024-08-06 01:00
Severity ?
EPSS score ?
Summary
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036848 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/92868 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40405/ | exploit, x_refsource_EXPLOIT-DB | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=867 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1036849 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036847 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036850 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:59.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
},
{
"name": "1036848",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036848"
},
{
"name": "92868",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92868"
},
{
"name": "40405",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40405/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
},
{
"name": "1036849",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036849"
},
{
"name": "1036847",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036847"
},
{
"name": "1036850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-14T16:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
},
{
"name": "1036848",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036848"
},
{
"name": "92868",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92868"
},
{
"name": "40405",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40405/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
},
{
"name": "1036849",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036849"
},
{
"name": "1036847",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036847"
},
{
"name": "1036850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-5309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160919_00"
},
{
"name": "1036848",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036848"
},
{
"name": "92868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92868"
},
{
"name": "40405",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40405/"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
},
{
"name": "1036849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036849"
},
{
"name": "1036847",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036847"
},
{
"name": "1036850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-5309",
"datePublished": "2017-04-14T18:00:00",
"dateReserved": "2016-06-06T00:00:00",
"dateUpdated": "2024-08-06T01:00:59.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}