CVE-2016-3645

Symantec AntiVirus - TNEF Decoder Integer Overflow

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data.

Desbordamiento de entero en el desempaquetado TNEF en el motor AntiVirus Decomposer en Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x hasta la versión 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) en versiones anteriores a 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) para Mac; Symantec Endpoint Protection (SEP) para Linux en versiones anteriores a 12.1 RU6 MP5; Symantec Protection Engine (SPE) en versiones anteriores a 7.0.5 HF01, 7.5.x en versiones anteriores a 7.5.3 HF03, 7.5.4 en versiones anteriores a HF01 y 7.8.0 en versiones anteriores a HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 hasta la versión 6.0.5 en versiones anteriores a 6.0.5 HF 1.5 y 6.0.6 en versiones anteriores a HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) en versiones anteriores a 7.0_3966002 HF1.1 y 7.5.x en versiones anteriores a 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) en versiones anteriores a 8.0.9 HF1.1 y 8.1.x en versiones anteriores a 8.1.3 HF1.2; CSAPI en versiones anteriores a 10.0.4 HF01; Symantec Message Gateway (SMG) en versiones anteriores a 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 en versiones anteriores a patch 254 y 10.6 en versiones anteriores a patch 253; Norton AntiVirus, Norton Security, Norton Internet Security y Norton 360 en versiones anteriores a NGC 22.7; Norton Security para Mac en versiones anteriores a 13.0.2; Norton Power Eraser (NPE) en versiones anteriores a 5.1 y Norton Bootable Removal Tool (NBRT) en versiones anteriores a 2016.1 permite a atacantes remotos tener un impacto no especificado a través de datos TNEF manipulados.

Symantec suffers from an integer overflow in the TNEF decoder.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-03-23 CVE Reserved
2016-06-29 CVE Published
2024-08-06 CVE Updated
2024-08-06 First Exploit
2024-11-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-189: Numeric Errors

CAPEC

References (5)

URL	Tag	Source
http://www.securityfocus.com/bid/91439	Third Party Advisory
http://www.securitytracker.com/id/1036198	Third Party Advisory
http://www.securitytracker.com/id/1036199	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/40035	2024-08-06

URL	Date	SRC

URL	Date	SRC
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00	2020-05-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Symantec Search vendor "Symantec"	Norton 360 Search vendor "Symantec" for product "Norton 360"	*	-	Affected	in	Symantec Search vendor "Symantec"	Ngc Search vendor "Symantec" for product "Ngc"	<= 22.6 Search vendor "Symantec" for product "Ngc" and version " <= 22.6"	-	Affected
Symantec Search vendor "Symantec"	Norton Antivirus Search vendor "Symantec" for product "Norton Antivirus"	*	-	Affected	in	Symantec Search vendor "Symantec"	Ngc Search vendor "Symantec" for product "Ngc"	<= 22.6 Search vendor "Symantec" for product "Ngc" and version " <= 22.6"	-	Affected
Symantec Search vendor "Symantec"	Norton Internet Security Search vendor "Symantec" for product "Norton Internet Security"	*	-	Affected	in	Symantec Search vendor "Symantec"	Ngc Search vendor "Symantec" for product "Ngc"	<= 22.6 Search vendor "Symantec" for product "Ngc" and version " <= 22.6"	-	Affected
Symantec Search vendor "Symantec"	Norton Security Search vendor "Symantec" for product "Norton Security"	*	-	Affected	in	Symantec Search vendor "Symantec"	Ngc Search vendor "Symantec" for product "Ngc"	<= 22.6 Search vendor "Symantec" for product "Ngc" and version " <= 22.6"	-	Affected
Symantec Search vendor "Symantec"	Norton Security With Backup Search vendor "Symantec" for product "Norton Security With Backup"	*	-	Affected	in	Symantec Search vendor "Symantec"	Ngc Search vendor "Symantec" for product "Ngc"	<= 22.6 Search vendor "Symantec" for product "Ngc" and version " <= 22.6"	-	Affected
Symantec Search vendor "Symantec"		Norton Security Search vendor "Symantec" for product "Norton Security"				<= 13.0.1 Search vendor "Symantec" for product "Norton Security" and version " <= 13.0.1"		macos		Affected
Symantec Search vendor "Symantec"		Protection Engine Search vendor "Symantec" for product "Protection Engine"				>= 7.0.0 <= 7.0.5 Search vendor "Symantec" for product "Protection Engine" and version " >= 7.0.0 <= 7.0.5"		-		Affected
Symantec Search vendor "Symantec"		Protection Engine Search vendor "Symantec" for product "Protection Engine"				>= 7.5.0 <= 7.5.4 Search vendor "Symantec" for product "Protection Engine" and version " >= 7.5.0 <= 7.5.4"		-		Affected
Symantec Search vendor "Symantec"		Protection Engine Search vendor "Symantec" for product "Protection Engine"				7.8.0 Search vendor "Symantec" for product "Protection Engine" and version "7.8.0"		-		Affected
Symantec Search vendor "Symantec"		Advanced Threat Protection Search vendor "Symantec" for product "Advanced Threat Protection"				<= 2.0.3 Search vendor "Symantec" for product "Advanced Threat Protection" and version " <= 2.0.3"		-		Affected
Symantec Search vendor "Symantec"		Norton Bootable Removal Tool Search vendor "Symantec" for product "Norton Bootable Removal Tool"				<= 2016.0 Search vendor "Symantec" for product "Norton Bootable Removal Tool" and version " <= 2016.0"		-		Affected
Symantec Search vendor "Symantec"		Data Center Security Server Search vendor "Symantec" for product "Data Center Security Server"				6.0 Search vendor "Symantec" for product "Data Center Security Server" and version "6.0"		-		Affected
Symantec Search vendor "Symantec"		Data Center Security Server Search vendor "Symantec" for product "Data Center Security Server"				6.0 Search vendor "Symantec" for product "Data Center Security Server" and version "6.0"		mp1		Affected
Symantec Search vendor "Symantec"		Data Center Security Server Search vendor "Symantec" for product "Data Center Security Server"				6.5 Search vendor "Symantec" for product "Data Center Security Server" and version "6.5"		-		Affected
Symantec Search vendor "Symantec"		Data Center Security Server Search vendor "Symantec" for product "Data Center Security Server"				6.5 Search vendor "Symantec" for product "Data Center Security Server" and version "6.5"		mp1		Affected
Symantec Search vendor "Symantec"		Data Center Security Server Search vendor "Symantec" for product "Data Center Security Server"				6.6 Search vendor "Symantec" for product "Data Center Security Server" and version "6.6"		-		Affected
Symantec Search vendor "Symantec"		Data Center Security Server Search vendor "Symantec" for product "Data Center Security Server"				6.6 Search vendor "Symantec" for product "Data Center Security Server" and version "6.6"		mp1		Affected
Symantec Search vendor "Symantec"		Protection For Sharepoint Servers Search vendor "Symantec" for product "Protection For Sharepoint Servers"				>= 6.0 <= 6.0.6 Search vendor "Symantec" for product "Protection For Sharepoint Servers" and version " >= 6.0 <= 6.0.6"		-		Affected
Symantec Search vendor "Symantec"		Protection For Sharepoint Servers Search vendor "Symantec" for product "Protection For Sharepoint Servers"				>= 6.03 <= 6.05 Search vendor "Symantec" for product "Protection For Sharepoint Servers" and version " >= 6.03 <= 6.05"		-		Affected
Symantec Search vendor "Symantec"		Message Gateway For Service Providers Search vendor "Symantec" for product "Message Gateway For Service Providers"				10.5 Search vendor "Symantec" for product "Message Gateway For Service Providers" and version "10.5"		-		Affected
Symantec Search vendor "Symantec"		Message Gateway For Service Providers Search vendor "Symantec" for product "Message Gateway For Service Providers"				10.6 Search vendor "Symantec" for product "Message Gateway For Service Providers" and version "10.6"		-		Affected
Symantec Search vendor "Symantec"		Csapi Search vendor "Symantec" for product "Csapi"				<= 10.0.4 Search vendor "Symantec" for product "Csapi" and version " <= 10.0.4"		-		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		-		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp1		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp2		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp3		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp4		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp4, linux		Affected
Symantec Search vendor "Symantec"		Endpoint Protection Search vendor "Symantec" for product "Endpoint Protection"				12.1.6 Search vendor "Symantec" for product "Endpoint Protection" and version "12.1.6"		mp4, macos		Affected
Symantec Search vendor "Symantec"		Norton Power Eraser Search vendor "Symantec" for product "Norton Power Eraser"				<= 5.0 Search vendor "Symantec" for product "Norton Power Eraser" and version " <= 5.0"		-		Affected
Symantec Search vendor "Symantec"		Mail Security For Domino Search vendor "Symantec" for product "Mail Security For Domino"				>= 8.0 <= 8.0.9 Search vendor "Symantec" for product "Mail Security For Domino" and version " >= 8.0 <= 8.0.9"		-		Affected
Symantec Search vendor "Symantec"		Mail Security For Domino Search vendor "Symantec" for product "Mail Security For Domino"				>= 8.1 <= 8.1.3 Search vendor "Symantec" for product "Mail Security For Domino" and version " >= 8.1 <= 8.1.3"		-		Affected
Symantec Search vendor "Symantec"		Mail Security For Microsoft Exchange Search vendor "Symantec" for product "Mail Security For Microsoft Exchange"				>= 7.0 <= 7.0.4 Search vendor "Symantec" for product "Mail Security For Microsoft Exchange" and version " >= 7.0 <= 7.0.4"		-		Affected
Symantec Search vendor "Symantec"		Mail Security For Microsoft Exchange Search vendor "Symantec" for product "Mail Security For Microsoft Exchange"				>= 7.5 <= 7.5.4 Search vendor "Symantec" for product "Mail Security For Microsoft Exchange" and version " >= 7.5 <= 7.5.4"		-		Affected
Symantec Search vendor "Symantec"		Mail Security For Microsoft Exchange Search vendor "Symantec" for product "Mail Security For Microsoft Exchange"				6.5.8 Search vendor "Symantec" for product "Mail Security For Microsoft Exchange" and version "6.5.8"		-		Affected
Symantec Search vendor "Symantec"		Message Gateway Search vendor "Symantec" for product "Message Gateway"				<= 10.6.1-3 Search vendor "Symantec" for product "Message Gateway" and version " <= 10.6.1-3"		-		Affected