Vulnerability CVE-2016-2210

Vulnerability Name:

CVE-2016-2210 (CCN-114619)

Assigned:

2016-06-28

Published:

2016-06-28

Updated:

2021-09-08

Summary:

Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file.

CVSS v3 Severity:

7.3 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Complete

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2016-2210

Source: BID
Type: Third Party Advisory, VDB Entry
91437

Source: CCN
Type: BID-91437
Multiple Symantec Products CVE-2016-2210 Dec2LHA Buffer Overflow Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1036198

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1036199

Source: XF
Type: UNKNOWN
symantec-cve20162210-bo(114619)

Source: CCN
Type: Packet Storm Security [06-29-2016]
Symantec dec2lha Remote Stack Buffer Overflow

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [06-29-2016]

Source: EXPLOIT-DB
Type: Third Party Advisory, VDB Entry
40032

Source: CCN
Type: Symantec Security Advisory SYM16-010
Symantec Decomposer Engine Multiple Parsing Vulnerabilities

Source: CONFIRM
Type: Vendor Advisory
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00

Vulnerable Configuration:

Configuration 1:

cpe:/a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:* (Version >= 7.0 and <= 7.0.4)

OR cpe:/a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:*

OR cpe:/a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:* (Version >= 7.5 and <= 7.5.4)

Configuration 2:

cpe:/a:symantec:norton_power_eraser:*:*:*:*:*:*:*:* (Version <= 5.0)

Configuration 3:

cpe:/a:symantec:protection_engine:*:*:*:*:*:*:*:* (Version >= 7.0.0 and <= 7.0.5)

OR cpe:/a:symantec:protection_engine:*:*:*:*:*:*:*:* (Version >= 7.5.0 and <= 7.5.4)

OR cpe:/a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*

OR cpe:/a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*

OR cpe:/a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*

OR cpe:/a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*

OR cpe:/a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*

Configuration 5:

cpe:/a:symantec:message_gateway:*:*:*:*:*:*:*:* (Version <= 10.6.1-3)

Configuration 6:

cpe:/a:symantec:norton_antivirus:*:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:*:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_security:*:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_360:*:*:*:*:*:*:*:*

AND

cpe:/a:symantec:ngc:*:*:*:*:*:*:*:* (Version <= 22.6)

Configuration 7:

cpe:/a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:*

OR cpe:/a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:*

Configuration 8:

cpe:/a:symantec:norton_bootable_removal_tool:*:*:*:*:*:*:*:* (Version <= 2016.0)

Configuration 9:

cpe:/a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:* (Version >= 8.0 and <= 8.0.9)

OR cpe:/a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:* (Version >= 8.1 and <= 8.1.3)

Configuration 10:

cpe:/a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:*

OR cpe:/a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:*

OR cpe:/a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:*

OR cpe:/a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:*

OR cpe:/a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:*

Configuration 11:

cpe:/a:symantec:norton_security:*:*:*:*:*:macos:*:* (Version <= 13.0.1)

Configuration 12:

cpe:/a:symantec:advanced_threat_protection:*:*:*:*:*:*:*:* (Version <= 2.0.3)

Configuration 13:

cpe:/a:symantec:protection_for_sharepoint_servers:6.03:*:*:*:*:*:*:*

OR cpe:/a:symantec:protection_for_sharepoint_servers:6.04:*:*:*:*:*:*:*

OR cpe:/a:symantec:protection_for_sharepoint_servers:6.05:*:*:*:*:*:*:*

OR cpe:/a:symantec:protection_for_sharepoint_servers:6.06:*:*:*:*:*:*:*

Configuration 14:

cpe:/a:symantec:csapi:*:*:*:*:*:*:*:* (Version <= 10.0.4)

Configuration 15:

cpe:/a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*

OR cpe:/a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*

OR cpe:/a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*

OR cpe:/a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*

OR cpe:/a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:symantec:norton_antivirus:*:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:*:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_360:1.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:web_gateway:4.5:*:*:*:*:*:*:*

OR cpe:/a:symantec:endpoint_protection:12.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.cisecurity:def:980	V	Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 – CVE-2016-2210	2016-08-26

BACK