Details of VAR-201704-0123

ID

VAR-201704-0123

CVE

CVE-2016-5309

TITLE

plural Symantec Product AntiVirus Decomposer Engine RAR Service disruption in file parser components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-008464

DESCRIPTION

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression. plural Symantec Product AntiVirus Decomposer Engine RAR File parser component has a service disruption ( Read out of bounds ) There are vulnerabilities that are put into a state.Crafted by a remote attacker that is mishandled during decompression RAR Service disruption via file ( Read out of bounds ) There is a possibility of being put into a state. Multiple Symantec products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. AntiVirus Decomposer engine is one of the anti-virus engines. RAR file parser is one of the compressed file parsing components

Trust: 1.98

sources: NVD: CVE-2016-5309 // JVNDB: JVNDB-2016-008464 // BID: 92868 // VULHUB: VHN-94128

AFFECTED PRODUCTS

vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	7.0.4	Trust: 1.9
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.5.5	Trust: 1.9
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.1.2	Trust: 1.9
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.1.3	Trust: 1.9
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.5.1	Trust: 1.6
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	7.0.1	Trust: 1.6
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	7.0.2	Trust: 1.6
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.5.2	Trust: 1.6
vendor:	symantec	model:	protection for sharepoint servers	scope:	eq	version:	6.0.5	Trust: 1.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	7.5.4	Trust: 1.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	-	Trust: 1.3
vendor:	symantec	model:	protection for sharepoint servers	scope:	eq	version:	6.0.6	Trust: 1.3
vendor:	symantec	model:	protection for sharepoint servers	scope:	eq	version:	6.0.7	Trust: 1.3
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.5.4	Trust: 1.3
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.5.3	Trust: 1.3
vendor:	symantec	model:	advanced threat protection	scope:	eq	version:	-	Trust: 1.0
vendor:	broadcom	model:	symantec data center security server	scope:	eq	version:	-	Trust: 1.0
vendor:	symantec	model:	endpoint protection	scope:	lte	version:	12.1.4	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	7.5.3	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.8.0	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	7.0.3	Trust: 1.0
vendor:	symantec	model:	mail security for domino	scope:	lte	version:	8.0.9	Trust: 1.0
vendor:	symantec	model:	endpoint protection for small business	scope:	eq	version:	-	Trust: 1.0
vendor:	symantec	model:	endpoint protection for small business	scope:	lte	version:	12.1	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	7.5.2	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	7.5	Trust: 1.0
vendor:	symantec	model:	protection for sharepoint servers	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	symantec	model:	endpoint protection	scope:	lte	version:	12.1.6	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	lte	version:	7.0.5	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	7.0	Trust: 1.0
vendor:	symantec	model:	messaging gateway for service providers	scope:	eq	version:	10.5	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	7.5.1	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	lte	version:	6.5.8	Trust: 1.0
vendor:	symantec	model:	endpoint protection cloud	scope:	eq	version:	-	Trust: 1.0
vendor:	symantec	model:	protection for sharepoint servers	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	symantec	model:	web security.cloud	scope:	eq	version:	-	Trust: 1.0
vendor:	symantec	model:	messaging gateway	scope:	lte	version:	10.6.1	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.5.0	Trust: 1.0
vendor:	symantec	model:	csapi	scope:	lte	version:	10.0.4	Trust: 1.0
vendor:	symantec	model:	messaging gateway for service providers	scope:	eq	version:	10.6	Trust: 1.0
vendor:	symantec	model:	email security.cloud	scope:	eq	version:	-	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.0.5	Trust: 0.9
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.9	Trust: 0.9
vendor:	symantec	model:	advanced threat protection	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	csapi	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	messaging gateway for service providers	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	email security.cloud	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	endpoint protection	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	endpoint protection cloud	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	endpoint protection small business edition	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	mail security for domino	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	mail security for microsoft exchange	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	messaging gateway	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	protection engine	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	protection for sharepoint servers	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	web gateway	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	web security.cloud	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	endpoint protection ru6	scope:	eq	version:	11.0	Trust: 0.6
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4000.2295	Trust: 0.6
vendor:	symantec	model:	endpoint protection ru6a	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.13	Trust: 0.3
vendor:	symantec	model:	message gateway	scope:	eq	version:	10.6.1-3	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6mp2	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.6.368	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp5	scope:	ne	version:	12.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.7	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.7	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.6100	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.1.9.37	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.4	Trust: 0.3
vendor:	symantec	model:	endpoint protection for mac mp4	scope:	eq	version:	12.1.6	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection mr3	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	message gateway for service providers patch	scope:	ne	version:	10.5260	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.1.4	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru2	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2010.25	Trust: 0.3
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	0	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.6	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.12	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	5.1.4.32	Trust: 0.3
vendor:	symantec	model:	message gateway	scope:	ne	version:	10.6.2	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.5	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.1.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection for linux mp4	scope:	eq	version:	12.1.6	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.11	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp1	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	4.5	Trust: 0.3
vendor:	symantec	model:	norton security	scope:	eq	version:	0	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	5.1	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.0.19	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.7	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.10	Trust: 0.3
vendor:	symantec	model:	email security server.cloud	scope:	eq	version:	0	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	4.6.5.12	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp1	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	symantec	model:	endpoint protection cloud for windows	scope:	eq	version:	0	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.4100.4126	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.3	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.1.1	Trust: 0.3
vendor:	symantec	model:	data center security:server	scope:	eq	version:	6.5	Trust: 0.3
vendor:	symantec	model:	norton security for mac	scope:	eq	version:	13.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.4013	Trust: 0.3
vendor:	symantec	model:	message gateway for service providers patch	scope:	ne	version:	10.6259	Trust: 0.3
vendor:	symantec	model:	endpoint protection mr1	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.8	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	symantec	model:	message gateway	scope:	eq	version:	10.6.1-4	Trust: 0.3
vendor:	symantec	model:	message gateway for service providers	scope:	eq	version:	10.5	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.13	Trust: 0.3
vendor:	symantec	model:	csapi	scope:	eq	version:	10.0.4	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2020.56	Trust: 0.3
vendor:	symantec	model:	protection engine hf03	scope:	ne	version:	7.8	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.4.29	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.4.363	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.7.3	Trust: 0.3
vendor:	symantec	model:	protection engine hf02	scope:	ne	version:	7.0.5	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru7	scope:	eq	version:	11	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.781.1287	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.3001.2224	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.8	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru7 mp1	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6 mp2	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	web security .cloud	scope:	eq	version:	0	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.9	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.12	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	symantec	model:	endpoint protection small business edition	scope:	eq	version:	12.1	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.9	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5.8	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	5.1.2.28	Trust: 0.3
vendor:	symantec	model:	data center security:server	scope:	eq	version:	6.6	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.0	Trust: 0.3
vendor:	symantec	model:	data center security:server 6.6mp1	scope:	-	version:	-	Trust: 0.3
vendor:	symantec	model:	advanced threat protection	scope:	eq	version:	0	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.7.2	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.0.024	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru7 mp2	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6-mp3(11.0.63	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.10.382	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.2.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4010.19	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.12	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp4	scope:	eq	version:	12.1.6	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.6	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.1000	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.6	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.7000	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru4	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	protection engine hf01	scope:	ne	version:	7.5.5	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6 mp4	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.6000	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	5.0.47	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.10	Trust: 0.3
vendor:	symantec	model:	endpoint protection cloud for mac	scope:	eq	version:	0	Trust: 0.3
vendor:	symantec	model:	endpoint protection mr2	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.3001	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2001.10	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.8	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru5	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	4.6.8.120	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.10	Trust: 0.3
vendor:	symantec	model:	endpoint protection for linux mp5	scope:	eq	version:	12.1.6	Trust: 0.3
vendor:	symantec	model:	data center security:server	scope:	eq	version:	6.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.2015.2015	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.3.25	Trust: 0.3
vendor:	symantec	model:	message gateway for service providers	scope:	eq	version:	10.6	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6 mp3	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5.5	Trust: 0.3
vendor:	symantec	model:	endpoint protection for mac mp5	scope:	eq	version:	12.1.6	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.11	Trust: 0.3
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.8	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	4.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.6	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2000.1567	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.6200.754	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6mp1	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6 mp1	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.7.4	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6-mp1(11.0.61	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.7.1	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.325	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	data center security:server 6.5mp1	scope:	-	version:	-	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5.6	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.5.32	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp2	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.7100	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4010.26	Trust: 0.3
vendor:	symantec	model:	data center security:server 6.0mp1	scope:	-	version:	-	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.11	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.7.373	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.6300	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4000	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.6200	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru7-mp3	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	norton bootable removal tool	scope:	eq	version:	2016.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp2	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6-mp2(11.0.62	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.0.1	Trust: 0.3
vendor:	symantec	model:	protection engine hf02	scope:	ne	version:	7.5.4	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.780.1109	Trust: 0.3
vendor:	symantec	model:	csapi hf02	scope:	ne	version:	10.0.4	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4202.75	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp5	scope:	eq	version:	12.1.6	Trust: 0.3

sources: BID: 92868 // JVNDB: JVNDB-2016-008464 // CNNVD: CNNVD-201609-396 // NVD: CVE-2016-5309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-5309
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-5309
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201609-396
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-94128
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-5309
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-94128
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-5309
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2016-5309
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-94128 // JVNDB: JVNDB-2016-008464 // CNNVD: CNNVD-201609-396 // NVD: CVE-2016-5309

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-94128 // JVNDB: JVNDB-2016-008464 // NVD: CVE-2016-5309

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201609-396

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201609-396

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008464

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-94128

PATCH

title:	SYM16-015	url:	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00	Trust: 0.8
title:	Multiple Symantec Product memory corruption vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64190	Trust: 0.6

sources: JVNDB: JVNDB-2016-008464 // CNNVD: CNNVD-201609-396

EXTERNAL IDS

db:	NVD	id:	CVE-2016-5309	Trust: 2.8
db:	BID	id:	92868	Trust: 2.0
db:	EXPLOIT-DB	id:	40405	Trust: 1.7
db:	SECTRACK	id:	1036847	Trust: 1.7
db:	SECTRACK	id:	1036849	Trust: 1.7
db:	SECTRACK	id:	1036848	Trust: 1.7
db:	SECTRACK	id:	1036850	Trust: 1.7
db:	JVNDB	id:	JVNDB-2016-008464	Trust: 0.8
db:	CNNVD	id:	CNNVD-201609-396	Trust: 0.7
db:	VULHUB	id:	VHN-94128	Trust: 0.1

sources: VULHUB: VHN-94128 // BID: 92868 // JVNDB: JVNDB-2016-008464 // CNNVD: CNNVD-201609-396 // NVD: CVE-2016-5309

REFERENCES

url:	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00	Trust: 1.9
url:	http://www.securityfocus.com/bid/92868	Trust: 1.7
url:	https://www.exploit-db.com/exploits/40405/	Trust: 1.7
url:	https://bugs.chromium.org/p/project-zero/issues/detail?id=867	Trust: 1.7
url:	http://www.securitytracker.com/id/1036847	Trust: 1.7
url:	http://www.securitytracker.com/id/1036848	Trust: 1.7
url:	http://www.securitytracker.com/id/1036849	Trust: 1.7
url:	http://www.securitytracker.com/id/1036850	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5309	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5309	Trust: 0.8
url:	http://www.symantec.com	Trust: 0.3
url:	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00	Trust: 0.1

sources: VULHUB: VHN-94128 // BID: 92868 // JVNDB: JVNDB-2016-008464 // CNNVD: CNNVD-201609-396 // NVD: CVE-2016-5309

CREDITS

Tavis Ormandy with Google???s Project Zero

Trust: 0.6

sources: CNNVD: CNNVD-201609-396

SOURCES

db:	VULHUB	id:	VHN-94128
db:	BID	id:	92868
db:	JVNDB	id:	JVNDB-2016-008464
db:	CNNVD	id:	CNNVD-201609-396
db:	NVD	id:	CVE-2016-5309

LAST UPDATE DATE

2024-11-23T22:38:36.029000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-94128	date:	2017-04-25T00:00:00
db:	BID	id:	92868	date:	2016-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2016-008464	date:	2017-05-19T00:00:00
db:	CNNVD	id:	CNNVD-201609-396	date:	2021-09-10T00:00:00
db:	NVD	id:	CVE-2016-5309	date:	2024-11-21T02:54:04.413

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-94128	date:	2017-04-14T00:00:00
db:	BID	id:	92868	date:	2016-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2016-008464	date:	2017-05-19T00:00:00
db:	CNNVD	id:	CNNVD-201609-396	date:	2016-09-20T00:00:00
db:	NVD	id:	CVE-2016-5309	date:	2017-04-14T18:59:00.500