CVE-2016-2210

Symantec AntiVirus - 'dec2lha Library' Remote Stack Buffer Overflow (PoC)

  • Severity Score: 7.3 (CVSS v3)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)
Descriptions

Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file.

The Symantec dec2lha library is the library responsible for decompressing LZH and LHA archives. The CSymLHA::get_header() routine has a trivial stack buffer overflow.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2016-02-02 CVE Reserved
  • 2016-06-29 CVE Published
  • 2024-03-20 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | In (vendor product, version, other, status)
Symantec | Norton 360 | * | - | Affected | Symantec Ngc, <= 22.6, -, Affected
Symantec | Norton Antivirus | * | - | Affected | Symantec Ngc, <= 22.6, -, Affected
Symantec | Norton Internet Security | * | - | Affected | Symantec Ngc, <= 22.6, -, Affected
Symantec | Norton Security | * | - | Affected | Symantec Ngc, <= 22.6, -, Affected
Symantec | Norton Security With Backup | * | - | Affected | Symantec Ngc, <= 22.6, -, Affected
Symantec | Endpoint Protection | 12.1.6 | mp1 | Affected | Apple Macos, -, -, Safe
Symantec | Endpoint Protection | 12.1.6 | mp1 | Affected | Linux Linux Kernel, -, -, Safe
Symantec | Endpoint Protection | 12.1.6 | mp1a | Affected | Apple Macos, -, -, Safe
Symantec | Endpoint Protection | 12.1.6 | mp1a | Affected | Linux Linux Kernel, -, -, Safe
Symantec | Endpoint Protection | 12.1.6 | mp2 | Affected | Apple Macos, -, -, Safe
Symantec | Endpoint Protection | 12.1.6 | mp2 | Affected | Linux Linux Kernel, -, -, Safe
Symantec | Endpoint Protection | 12.1.6 | mp3 | Affected | Apple Macos, -, -, Safe
Symantec | Endpoint Protection | 12.1.6 | mp3 | Affected | Linux Linux Kernel, -, -, Safe
Symantec | Endpoint Protection | 12.1.6 | mp4 | Affected | Apple Macos, -, -, Safe
Symantec | Endpoint Protection | 12.1.6 | mp4 | Affected | Linux Linux Kernel, -, -, Safe
Symantec | Mail Security For Microsoft Exchange | >= 7.0 <= 7.0.4 | - | Affected |
Symantec | Mail Security For Microsoft Exchange | >= 7.5 <= 7.5.4 | - | Affected |
Symantec | Mail Security For Microsoft Exchange | 6.5.8 | - | Affected |
Symantec | Norton Power Eraser | <= 5.0 | - | Affected |
Symantec | Protection Engine | >= 7.0.0 <= 7.0.5 | - | Affected |
Symantec | Protection Engine | >= 7.5.0 <= 7.5.4 | - | Affected |
Symantec | Protection Engine | 7.8.0 | - | Affected |
Symantec | Endpoint Protection | 12.1.6 | mp1 | Affected |
Symantec | Endpoint Protection | 12.1.6 | mp1a | Affected |
Symantec | Endpoint Protection | 12.1.6 | mp2 | Affected |
Symantec | Endpoint Protection | 12.1.6 | mp3 | Affected |
Symantec | Endpoint Protection | 12.1.6 | mp4 | Affected |
Symantec | Message Gateway | <= 10.6.1-3 | - | Affected |
Symantec | Message Gateway For Service Providers | 10.5 | - | Affected |
Symantec | Message Gateway For Service Providers | 10.6 | - | Affected |
Symantec | Norton Bootable Removal Tool | <= 2016.0 | - | Affected |
Symantec | Mail Security For Domino | >= 8.0 <= 8.0.9 | - | Affected |
Symantec | Mail Security For Domino | >= 8.1 <= 8.1.3 | - | Affected |
Symantec | Data Center Security Server | 6.0 | - | Affected |
Symantec | Data Center Security Server | 6.0 | mp1 | Affected |
Symantec | Data Center Security Server | 6.5 | - | Affected |
Symantec | Data Center Security Server | 6.5 | mp1 | Affected |
Symantec | Data Center Security Server | 6.6 | - | Affected |
Symantec | Data Center Security Server | 6.6 | mp1 | Affected |
Symantec | Norton Security | <= 13.0.1 | macos | Affected |
Symantec | Advanced Threat Protection | <= 2.0.3 | - | Affected |
Symantec | Protection For Sharepoint Servers | 6.03 | - | Affected |
Symantec | Protection For Sharepoint Servers | 6.04 | - | Affected |
Symantec | Protection For Sharepoint Servers | 6.05 | - | Affected |
Symantec | Protection For Sharepoint Servers | 6.06 | - | Affected |
Symantec | Csapi | <= 10.0.4 | - | Affected |