Vulnerability Name: CVE-2016-3646 (CCN-114615) Assigned: 2016-06-28 Published: 2016-06-28 Updated: 2020-05-11 Summary: The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression. CVSS v3 Severity: 8.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.6 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-20 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2016-3646 91435 Multiple Symantec Products CVE-2016 -3646 ZIP Decompression Denial Of Service Vulnerability 1036198 1036199 symantec-cve20163646-code-exec(114615) Symantec dec2zip ALPkOldFormatDecompressor::UnShrink Missing Bounds Check Offensive Security Exploit Database [06-29-2016] 40036 Symantec Decomposer Engine Multiple Parsing Vulnerabilities https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00 Vulnerable Configuration: Configuration 1 :cpe:/a:symantec:norton_security:*:*:*:*:*:macos:*:* (Version <= 13.0.1)Configuration 2 :cpe:/a:symantec:protection_engine:*:*:*:*:*:*:*:* (Version >= 7.0.0 and <= 7.0.5)OR cpe:/a:symantec:protection_engine:*:*:*:*:*:*:*:* (Version >= 7.5.0 and <= 7.5.4) OR cpe:/a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:* Configuration 3 :cpe:/a:symantec:advanced_threat_protection:*:*:*:*:*:*:*:* (Version <= 2.0.3)Configuration 4 :cpe:/a:symantec:norton_bootable_removal_tool:*:*:*:*:*:*:*:* (Version <= 2016.0)Configuration 5 :cpe:/a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:* OR cpe:/a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:* OR cpe:/a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:* OR cpe:/a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:* OR cpe:/a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:* OR cpe:/a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:* Configuration 6 :cpe:/a:symantec:protection_for_sharepoint_servers:*:*:*:*:*:*:*:* (Version >= 6.0 and <= 6.0.6)OR cpe:/a:symantec:protection_for_sharepoint_servers:*:*:*:*:*:*:*:* (Version >= 6.03 and <= 6.05) Configuration 7 :cpe:/a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:* OR cpe:/a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:* Configuration 8 :cpe:/a:symantec:csapi:*:*:*:*:*:*:*:* (Version <= 10.0.4)Configuration 9 :cpe:/a:symantec:endpoint_protection:12.1.6:*:*:*:*:*:*:* OR cpe:/a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:* OR cpe:/a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:* OR cpe:/a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:* OR cpe:/a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:* OR cpe:/a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:linux:*:* OR cpe:/a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:macos:*:* Configuration 10 :cpe:/a:symantec:norton_power_eraser:*:*:*:*:*:*:*:* (Version <= 5.0)Configuration 11 :cpe:/a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:* (Version >= 8.0 and <= 8.0.9)OR cpe:/a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:* (Version >= 8.1 and <= 8.1.3) Configuration 12 :cpe:/a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:* OR cpe:/a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:* (Version >= 7.0 and <= 7.0.4) OR cpe:/a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:* (Version >= 7.5 and <= 7.5.4) Configuration 13 :cpe:/a:symantec:message_gateway:*:*:*:*:*:*:*:* (Version <= 10.6.1-3)Configuration 14 :cpe:/a:symantec:norton_360:*:*:*:*:*:*:*:* OR cpe:/a:symantec:norton_antivirus:*:*:*:*:*:*:*:* OR cpe:/a:symantec:norton_internet_security:*:*:*:*:*:*:*:* OR cpe:/a:symantec:norton_security:*:*:*:*:*:*:*:* OR cpe:/a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:* AND cpe:/a:symantec:ngc:*:*:*:*:*:*:*:* (Version <= 22.6) Configuration CCN 1 :cpe:/a:symantec:norton_antivirus:*:*:*:*:*:*:*:* OR cpe:/a:symantec:norton_internet_security:*:*:*:*:*:*:*:* OR cpe:/a:symantec:norton_360:1.0:*:*:*:*:*:*:* OR cpe:/a:symantec:web_gateway:4.5:*:*:*:*:*:*:* OR cpe:/a:symantec:endpoint_protection:12.1:*:*:*:*:*:*:* Oval Definitions BACK
symantec norton security *
symantec protection engine *
symantec protection engine *
symantec protection engine 7.8.0
symantec advanced threat protection *
symantec norton bootable removal tool *
symantec data center security server 6.0
symantec data center security server 6.0 mp1
symantec data center security server 6.5
symantec data center security server 6.5 mp1
symantec data center security server 6.6
symantec data center security server 6.6 mp1
symantec protection for sharepoint servers *
symantec protection for sharepoint servers *
symantec message gateway for service providers 10.5
symantec message gateway for service providers 10.6
symantec csapi *
symantec endpoint protection 12.1.6
symantec endpoint protection 12.1.6 mp1
symantec endpoint protection 12.1.6 mp2
symantec endpoint protection 12.1.6 mp3
symantec endpoint protection 12.1.6 mp4
symantec endpoint protection 12.1.6 mp4
symantec endpoint protection 12.1.6 mp4
symantec norton power eraser *
symantec mail security for domino *
symantec mail security for domino *
symantec mail security for microsoft exchange 6.5.8
symantec mail security for microsoft exchange *
symantec mail security for microsoft exchange *
symantec message gateway *
symantec norton 360 *
symantec norton antivirus *
symantec norton internet security *
symantec norton security *
symantec norton security with backup *
symantec ngc *
symantec norton antivirus *
symantec norton internet security *
symantec norton 360 1.0
symantec web gateway 4.5
symantec endpoint protection 12.1
Denotes that component is vulnerable