Published: 30/06/2016 Updated: 08/09/2021

CVSS v2 Base Score: 9 | Impact Score: 8.5 | Exploitability Score: 10

CVSS v3 Base Score: 7.3 | Impact Score: 4.7 | Exploitability Score: 2.5

VMScore: 905

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Subscribe to Mail Security For Microsoft Exchange

Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x up to and including 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) prior to 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux prior to 12.1 RU6 MP5; Symantec Protection Engine (SPE) prior to 7.0.5 HF01, 7.5.x prior to 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 up to and including 6.0.5 prior to 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) prior to 7.0_3966002 HF1.1 and 7.5.x prior to 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) prior to 8.0.9 HF1.1 and 8.1.x prior to 8.1.3 HF1.2; CSAPI prior to 10.0.4 HF01; Symantec Message Gateway (SMG) prior to 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac prior to 13.0.2; Norton Power Eraser (NPE) prior to 5.1; and Norton Bootable Removal Tool (NBRT) prior to 2016.1 allows remote malicious users to execute arbitrary code via a crafted file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
symantec mail security for microsoft exchange 6.5.8
symantec mail security for microsoft exchange
symantec norton power eraser
symantec protection engine 7.8.0
symantec protection engine
symantec endpoint protection 12.1.6
symantec message gateway
symantec norton_360
symantec norton_antivirus
symantec norton_internet_security
symantec norton_security_with_backup
symantec norton_security
symantec ngc
symantec message gateway for service providers 10.5
symantec message gateway for service providers 10.6
symantec norton bootable removal tool
symantec mail security for domino
symantec data center security server 6.0
symantec data center security server 6.5
symantec data center security server 6.6
symantec norton security
symantec advanced threat protection
symantec protection for sharepoint servers 6.03
symantec protection for sharepoint servers 6.05
symantec protection for sharepoint servers 6.04
symantec protection for sharepoint servers 6.06
symantec csapi
symantec endpoint_protection 12.1.6

Source: bugschromiumorg/p/project-zero/issues/detail?id=823 A PowerPoint PPT file is a complicated OLE compound document comprising of a series of streams The format is described by Microsoft in [MS-PPT] msdnmicrosoftcom/en-us/library/office/cc313106(v=office12)aspx Symantec have implemented an I/O abstraction layer for s ...

CWE-119 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00 http://www.securityfocus.com/bid/91436 http://www.securitytracker.com/id/1036199 http://www.securitytracker.com/id/1036198 https://www.exploit-db.com/exploits/40037/https://nvd.nist.gov https://www.exploit-db.com/exploits/40037/

CVE-2016-2209

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect