CVE-2016-3644
Symantec AntiVirus - Heap Overflow Modifying MIME Messages
Public Exploits: 1
Exploited in Wild: -
Descriptions
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message.
Symantec attempts to clean or remove components from archives or other multipart containers that they detect as malicious. The code that they use to remove components from MIME-encoded messages in CMIMEParser::UpdateHeader() assumes that filenames cannot be longer than 77 characters. This assumption is obviously incorrect: names can be any length, resulting in a very clean heap overflow.
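The length assumption described above, shown with two ways to remove it. This is an added example, not Symantec's code: the function names are hypothetical, and only the 77-character limit comes from the description.

```c
#include <stdlib.h>
#include <string.h>

#define ASSUMED_MAX_NAME 77  /* the length assumption from the description */

/* Unsafe pattern, kept as a comment for contrast only:
 *     char *buf = malloc(ASSUMED_MAX_NAME + 1);
 *     strcpy(buf, name);    // name length comes from the message */

/* Fix 1: keep the fixed buffer, check the length first, fail closed. */
int store_name_fixed(char dst[ASSUMED_MAX_NAME + 1], const char *name)
{
    size_t len = strlen(name);
    if (len > ASSUMED_MAX_NAME) {
        dst[0] = '\0';       /* no partial copy is left behind */
        return -1;           /* caller treats the part as unprocessable */
    }
    memcpy(dst, name, len + 1);
    return 0;
}

/* Fix 2: size the allocation from the input. Caller frees the result. */
char *store_name_dynamic(const char *name)
{
    size_t len = strlen(name);
    char *buf = malloc(len + 1);
    if (buf != NULL)
        memcpy(buf, name, len + 1);
    return buf;
}

/* Constructed input: a name of n 'A' characters. Returns the stored
 * length, -1 if the name was rejected, -2 if the test name could not
 * be allocated. */
long stored_len(size_t n, int dynamic)
{
    char fixed[ASSUMED_MAX_NAME + 1], *copy, *name = malloc(n + 1);
    long out = -1;
    if (name == NULL) return -2;
    memset(name, 'A', n);
    name[n] = '\0';
    if (dynamic) {
        copy = store_name_dynamic(name);
        if (copy != NULL) out = (long)strlen(copy);
        free(copy);
    } else if (store_name_fixed(fixed, name) == 0) {
        out = (long)strlen(fixed);
    }
    free(name);
    return out;
}

int main(void) { return stored_len(78, 0) == -1 ? 0 : 1; }
```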
Timeline
- 2016-03-23 CVE Reserved
- 2016-06-29 CVE Published
- 2024-05-24 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/91431 | Third Party Advisory | |
http://www.securitytracker.com/id/1036198 | Third Party Advisory | |
http://www.securitytracker.com/id/1036199 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/40034 | 2024-08-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Symantec | Norton 360 | * | - | Affected | in | Symantec | Ngc | <= 22.6 | - | Affected |
Symantec | Norton Antivirus | * | - | Affected | in | Symantec | Ngc | <= 22.6 | - | Affected |
Symantec | Norton Internet Security | * | - | Affected | in | Symantec | Ngc | <= 22.6 | - | Affected |
Symantec | Norton Security | * | - | Affected | in | Symantec | Ngc | <= 22.6 | - | Affected |
Symantec | Norton Security With Backup | * | - | Affected | in | Symantec | Ngc | <= 22.6 | - | Affected |
Symantec | Norton Security | <= 13.0.1 | macos | Affected | | | | | | |
Symantec | Protection Engine | >= 7.0.0 <= 7.0.5 | - | Affected | | | | | | |
Symantec | Protection Engine | >= 7.5.0 <= 7.5.4 | - | Affected | | | | | | |
Symantec | Protection Engine | 7.8.0 | - | Affected | | | | | | |
Symantec | Advanced Threat Protection | <= 2.0.3 | - | Affected | | | | | | |
Symantec | Norton Bootable Removal Tool | <= 2016.0 | - | Affected | | | | | | |
Symantec | Data Center Security Server | 6.0 | - | Affected | | | | | | |
Symantec | Data Center Security Server | 6.0 | mp1 | Affected | | | | | | |
Symantec | Data Center Security Server | 6.5 | - | Affected | | | | | | |
Symantec | Data Center Security Server | 6.5 | mp1 | Affected | | | | | | |
Symantec | Data Center Security Server | 6.6 | - | Affected | | | | | | |
Symantec | Data Center Security Server | 6.6 | mp1 | Affected | | | | | | |
Symantec | Protection For Sharepoint Servers | >= 6.0 <= 6.0.6 | - | Affected | | | | | | |
Symantec | Protection For Sharepoint Servers | >= 6.03 <= 6.05 | - | Affected | | | | | | |
Symantec | Message Gateway For Service Providers | 10.5 | - | Affected | | | | | | |
Symantec | Message Gateway For Service Providers | 10.6 | - | Affected | | | | | | |
Symantec | Csapi | <= 10.0.4 | - | Affected | | | | | | |
Symantec | Endpoint Protection | 12.1.6 | - | Affected | | | | | | |
Symantec | Endpoint Protection | 12.1.6 | mp1 | Affected | | | | | | |
Symantec | Endpoint Protection | 12.1.6 | mp2 | Affected | | | | | | |
Symantec | Endpoint Protection | 12.1.6 | mp3 | Affected | | | | | | |
Symantec | Endpoint Protection | 12.1.6 | mp4 | Affected | | | | | | |
Symantec | Endpoint Protection | 12.1.6 | mp4, linux | Affected | | | | | | |
Symantec | Endpoint Protection | 12.1.6 | mp4, macos | Affected | | | | | | |
Symantec | Norton Power Eraser | <= 5.0 | - | Affected | | | | | | |
Symantec | Mail Security For Domino | >= 8.0 <= 8.0.9 | - | Affected | | | | | | |
Symantec | Mail Security For Domino | >= 8.1 <= 8.1.3 | - | Affected | | | | | | |
Symantec | Mail Security For Microsoft Exchange | >= 7.0 <= 7.0.4 | - | Affected | | | | | | |
Symantec | Mail Security For Microsoft Exchange | >= 7.5 <= 7.5.4 | - | Affected | | | | | | |
Symantec | Mail Security For Microsoft Exchange | 6.5.8 | - | Affected | | | | | | |
Symantec | Message Gateway | <= 10.6.1-3 | - | Affected | | | | | | |