CVE-2016-9093
https://notcve.org/view.php?id=CVE-2016-9093
A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. • http://www.securityfocus.com/bid/96294 http://www.securitytracker.com/id/1037961 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00 • CWE-20: Improper Input Validation •
CVE-2017-13680
https://notcve.org/view.php?id=CVE-2017-13680
Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system. En versiones anteriores a SEP 12.1 RU6 MP9 SEP 14 RU1, el endpoint Symantec Endpoint Protection Windows puede encontrarse con una situación en la que un atacante podría emplear la interfaz de usuario del producto para realizar borrados no autorizados de archivos en el sistema de archivos residente. • http://www.securityfocus.com/bid/101503 http://www.securitytracker.com/id/1039775 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00 •
CVE-2017-6331 – Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass
https://notcve.org/view.php?id=CVE-2017-6331
Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients. En versiones anteriores a SEP 14 RU1, el producto Symantec Endpoint Protection puede encontrarse con un problema de omisión de protección contra manipulaciones, que es un tipo de ataque que omite la protección en tiempo real para la aplicación que se ejecuta en servidores y clientes. Symantec Endpoint Protection version 12.1.6 suffers from a tamper protection bypass vulnerability. • https://www.exploit-db.com/exploits/43134 http://www.securityfocus.com/bid/101502 http://www.securitytracker.com/id/1039775 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171106_00 •
CVE-2016-5309 – Symantec RAR Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2016-5309
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression. El componente del analizador de archivos RAR en el AntiVirus Decomposer engine en Symantec Advanced Threat Protection: Network (ATP) : Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Servidor; Symantec Endpoint Protection (SEP) para Windows en versiones anteriores a 12.1.6 MP5; Symantec Endpoint Protection (SEP) para Mac; Symantec Endpoint Protection (SEP) en versiones anteriores a Linux en versiones anteriores a 12.1.6 MP6; Symantec Endpoint Protection para SMALL Business Entreprise (SEP SBE / SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) para Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI en versiones anteriores a 10.0.4 HF02; Symantec Protection Engine (SPE) en versiones anteriores a 7.0.5 HF02, 7.5.x en versiones anteriores a 7.5.4 HF02, 7.5.5 en versiones anteriores a 7.5.5 HF01 y 7.8.x en versiones anteriores a 7.8.0 HF03; Symantec Mail Security para Domino (SMSDOM) en versiones anteriores a 8.0.9 HF2.1, 8.1.x en versiones anteriores a 8.1.2 HF2.3 y 8.1.3 en versiones anteriores a 8.1.3 HF2.2; Symantec Mail Security para Microsoft Exchange (SMSMSE) en versiones anteriores a 6.5.8_3968140 HF2.3, 7.x en versiones anteriores a 7.0_3966002 HF2.1 y 7.5.x en versiones anteriores a 7.5_3966008 VHF2.2; Servidores de Symantec Protection para SharePoint (SPSS) antes de la actualización SPSS_6.0.3_To_6.0.5_HF_2.5, 6.0.6 en versiones anteriores a 6.0.6 HF_2.6 y 6.0.7 en versiones anteriores a 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) en versiones anteriores a 10.6.2; Symantec Messaging Gateway para proveedores de servicios (SMG-SP) en versiones anteriores a 10.5 parche 260 y en versiones anteriores a10.6 parche 259; Symantec Web Gateway; y Symantec Web Security.Cloud permite a los atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo RAR manipulado que se maneja incorrectamente durante la descompresión. • https://www.exploit-db.com/exploits/40405 http://www.securityfocus.com/bid/92868 http://www.securitytracker.com/id/1036847 http://www.securitytracker.com/id/1036848 http://www.securitytracker.com/id/1036849 http://www.securitytracker.com/id/1036850 https://bugs.chromium.org/p/project-zero/issues/detail?id=867 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00 • CWE-125: Out-of-bounds Read •
CVE-2016-5310 – Symantec RAR Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2016-5310
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression. El componente del analizador de archivos RAR en el motor AntiVirus Decomposer en Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Servidor; Symantec Endpoint Protection (SEP) para Windows en versiones anteriores a 12.1.6 MP5; Symantec Endpoint Protection (SEP) para Mac; Symantec Endpoint Protection (SEP) para Linux en versiones anteriores a 12.1.6 MP6; Symantec Endpoint Protection para pequeñas empresas (SEP SBE / SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) para Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI en versiones anteriores a 10.0.4 HF02; Symantec Protection Engine (SPE) en versiones anteriores a 7.0.5 HF02, 7.5.x en versiones anteriores a 7.5.4 HF02, 7.5.5 en versiones anteriores a 7.5.5 HF01 y 7.8.x en versiones anteriores a 7.8.0 HF03; Symantec Mail Security para Domino (SMSDOM) en versiones anteriores a 8.0.9 HF2.1, 8.1.x en versiones anteriores a 8.1.2 HF2.3 y 8.1.3 en versiones anteriores a 8.1.3 HF2.2; Symantec Mail Security para Microsoft Exchange (SMSMSE) en versiones anteriores a 6.5.8_3968140 HF2.3, 7.x en versiones anteriores a 7.0_3966002 HF2.1 y 7.5.x en versiones anteriores a 7.5_3966008 VHF2.2; Servidores de Symantec Protection para SharePoint (SPSS) antes de la actualización SPSS_6.0.3_To_6.0.5_HF_2.5, 6.0.6 en versiones anteriores a 6.0.6 HF_2.6 y 6.0.7 en versiones anteriores a 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) en versiones antriores a 10.6.2; Symantec Messaging Gateway para proveedores de servicios (SMG-SP) en versiones anteriores a 10.5 parche 260 y 10.6 en versiones anteriores al parche 259; Symantec Web Gateway; y Symantec Web Security.Cloud permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) a través de un archivo RAR diseñado que se maneja mal durante la descompresión. • https://www.exploit-db.com/exploits/40405 http://www.securityfocus.com/bid/92866 http://www.securitytracker.com/id/1036847 http://www.securitytracker.com/id/1036848 http://www.securitytracker.com/id/1036849 http://www.securitytracker.com/id/1036850 https://bugs.chromium.org/p/project-zero/issues/detail?id=867 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00 • CWE-787: Out-of-bounds Write •