Symantec Endpoint Protection Client 12.1.x < 12.1.6 MP6 Multiple DoS (SYM16-015)

The version of Symantec Endpoint Protection SEP Client installed on the remote Windows host is 12.1.x prior to 12.1.6 MP6 or else 12.1.6 MP5 without a hotfix. It is, therefore, affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists in the decomposer...

Symantec Mail Security for Exchange and Domino Decomposer Engine Multiple DoS (SYM16-015)

The version of Symantec Mail Security for Exchange SMSMSE or Symantec Mail Security for Domino SMSDOM installed on the remote Windows host is affected by multiple denial of service vulnerabilities in the decomposer engine : - A denial of service vulnerability exists in the decomposer engine due t...

Symantec Protection for SharePoint Servers 6.0.3 - 6.0.5 < HF2.5 / 6.0.6 < HF2.6 / 6.0.7 < HF2.7 Multiple DoS (SYM16-015)

The version of Symantec Protection for SharePoint Servers SPSS installed on the remote host is 6.0.3 to 6.0.5 prior to hotfix 2.5, 6.0.6 prior to hotfix 2.6, or 6.0.7 prior to hotfix 2.7. It is, therefore, affected by multiple denial of service vulnerabilities : - A denial of service vulnerabilit...

Symantec Messaging Gateway 10.x < 10.6.2 Multiple Vulnerabilities (SYM16-015) (SYM16-016)

According to its self-reported version number, the Symantec Messaging Gateway SMG running on the remote host is 10.x prior to 10.6.2. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in the decomposer engine due to an out-of-bounds read error tha...

Symantec RAR Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=867 In issue 810 we pointed out to Symantec that they hadn't updated their unrar based unpacker for years, and it was vulnerable to dozens of publicly documented flaws. I had expected Symantec to rebase on 5.4.2 the latest version ...

Symantec rar Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=867 In issue 810 we pointed out to Symantec that they hadn't updated their unrar based unpacker for years, and it was vulnerable to dozens of publicly documented flaws. I had...

Symantec Decomposer Engine Security Update

SUMMARY Symantec has released an update to address two issues in the RAR file parser component of the antivirus decomposer engine used by multiple Symantec products. Parsing of maliciously formatted RAR container files may cause an application-level denial of service condition. AFFECTED PRODUCTS...

Symantec Norton Internet Security Decomposer Engine Multiple Parsing Vulnerabilities

Symantec Norton Internet Security is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Symantec Norton Security Decomposer Engine Multiple Parsing Vulnerabilities

Symantec Norton Security is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Symantec Norton 360 Decomposer Engine Multiple Parsing Vulnerabilities

Symantec Norton 360 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:symantec:norton360";...

Symantec Norton AntiVirus Decomposer Engine Multiple Parsing Vulnerabilities

Symantec Norton AntiVirus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2016-3646

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ATP; Symantec Data Center Security:Server SDCS:S 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection SEP before 12.1 RU6 MP5; Symantec Endpoint Protection SEP for Mac; Symantec Endpoint Protection SEP for...

CVE-2016-3645

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection ATP; Symantec Data Center Security:Server SDCS:S 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection SEP before 12.1 RU6 MP5; Symantec Endpoint Protection SEP for Ma...

Buffer overflow

Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection ATP; Symantec Data Center Security:Server SDCS:S 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection SEP before 12.1 RU6 MP5; Symantec Endpoint Protection SEP for Mac;...

CVE-2016-2207

The CVE-2016-2207 family is associated with multiple Symantec products (Norton/Norton AntiVirus/Norton Internet Security/Norton 360, SEP, SPE, SMSMSE, SMSDOM, SPSS, SWG, and related protection engines) and third-party components (Unpack ShortLZ in UnRAR, Dec2LHA, libmspack, MIME parsing, TNEF, ZI...

Memory Corruption Vulnerability in Multiple Symantec and Norton Products (CNVD-2016-04441)

Symantec Advanced Threat Protection ATP, Symantec Embedded Security:Critical System Protection SES:CSP, and Symantec Data Center Security: Server Advanced SDCS:SA are security products from Symantec Corporation. Advanced SDCS:SA are security products from Symantec, Inc. ATP is a suite of software...

Memory Corruption Vulnerability in Multiple Symantec and Norton Products (CNVD-2016-04437)

Symantec Advanced Threat Protection ATP, Symantec Embedded Security:Critical System Protection SES:CSP and Symantec Data Center Security: Server Advanced SDCS:SA are security products from Symantec Corporation. Advanced SDCS:SA are security products from Symantec, Inc. ATP is a suite of software...

Buffer overflow vulnerability in multiple Symantec and Norton products (CNVD-2016-04440)

Symantec Advanced Threat Protection ATP, Symantec Embedded Security:Critical System Protection SES:CSP, and Symantec Data Center Security: Server Advanced SDCS:SA are security products from Symantec Corporation. Advanced SDCS:SA are security products from Symantec, Inc. ATP is a suite of software...

Symantec Endpoint Protection Management Console RCE Vulnerability

Symantec Endpoint Protection is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Symantec Endpoint Protection Management Console Remote Code Execution Vulnerability

This host is installed with Symantec Endpoint Protection and is prone to remote code execution vulnerability. OpenVAS Vulnerability Test $Id: gbsymantecsepremotecodeexecvuln.nasl 6517 2017-07-04 13:34:20Z cfischer $ Symantec Endpoint Protection Management Console Remote Code Execution Vulnerabili...