Published: 19/05/2016 Updated: 01/12/2016

CVSS v2 Base Score: 9.4 | Impact Score: 9.2 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 945

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C

The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 prior to 20151.1.1.4 allows remote malicious users to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
symantec anti-virus engine

Source: bugschromiumorg/p/project-zero/issues/detail?id=820 When parsing executables packed by an early version of aspack, a buffer overflow can occur in the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products The problem occurs when section data is truncated, that is, when SizeOfRawData is greater ...

CWE-399 http://www.securityfocus.com/bid/90653 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20160516_00 http://www.securitytracker.com/id/1035903 https://www.exploit-db.com/exploits/39835/https://bugs.chromium.org/p/project-zero/issues/detail?id=820 https://nvd.nist.gov https://www.exploit-db.com/exploits/39835/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-2208

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect