// For flags

CVE-2017-6324

 

Severity Score

7.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application.

El producto Symantec Messaging Gateway, cuando procesa un archivo adjunto de correo electrónico específico, puede permitir que un archivo de Word malformado o corrupto con una macro potencialmente maliciosa a pesar de que el administrador tiene habilitada la funcionalidad “disarm”. Esto constituye un “bypass” de la funcionalidad disarm residente en la aplicación.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-02-26 CVE Reserved
  • 2017-06-26 CVE Published
  • 2024-05-29 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Symantec
Search vendor "Symantec"
 Messaging Gateway
Search vendor "Symantec" for product "Messaging Gateway"
 <= 10.6.2
Search vendor "Symantec" for product "Messaging Gateway" and version " <= 10.6.2"
-
Affected