CVE-2016-5310

Published Apr 14, 2017

Last updated 3 years ago

CVSS medium 5.5

Overview

Description: The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.
Source: secure@symantec.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:broadcom:symantec_data_center_security_server:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A85D64F-2912-4B59-9CF0-5266F5A44DB6"
          },
          {
            "criteria": "cpe:2.3:a:symantec:advanced_threat_protection:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75EE5143-C90B-4E7F-BA5F-5B17995A8D81"
          },
          {
            "criteria": "cpe:2.3:a:symantec:csapi:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B105323B-438B-4506-9575-5D55AB837D53",
            "versionEndIncluding": "10.0.4"
          },
          {
            "criteria": "cpe:2.3:a:symantec:email_security.cloud:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E9CB569-FE96-4783-A84F-BEE055DDED1D"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:mac:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D98041D2-B769-4E3F-A072-6A2047082F09",
            "versionEndIncluding": "12.1.4"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FE459CB-A040-4F02-8215-6B7BC4B9CEA9",
            "versionEndIncluding": "12.1.6"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB7A2E78-E9C9-4B54-83BA-1D76B320A2BB",
            "versionEndIncluding": "12.1.6"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud:-:*:*:*:*:mac:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48B6AC19-877E-42C9-A0C7-17B6002E9542"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud:-:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9D06586-95B0-40F6-AF01-ABF6CDF4C607"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection_for_small_business:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6720563F-0EE7-475E-968E-C5054CB0EEDE",
            "versionEndIncluding": "12.1"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection_for_small_business:-:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "394A10F2-1147-4744-873B-5B0D38E371F6"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "748F255D-C57D-4483-A083-A8A904083535",
            "versionEndIncluding": "8.0.9"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_domino:8.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39AFBF7D-1101-4318-AC60-330329A82390"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_domino:8.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93C49CF4-0B0C-4208-A774-5CA4756DD2FA"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7702EB09-8678-4F9A-97E5-C8FAD7E88D07",
            "versionEndIncluding": "6.5.8"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27E28201-1358-44A9-9C62-25D7E8FEBEAD"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A066F69C-9CDF-40F6-A251-E746D6D6D6A0"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE3E4851-D48E-4865-B15A-48F8C5B01A8D"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5DD08A2-273B-4AE8-BD68-96407106DB89"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C726BA76-DF5A-4F82-B861-C5468B8950E8"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0BE5FC3-6FCE-49A1-AD9B-D37098A63E6C"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B36A5DF7-7FBD-48E2-A053-0FF65C1D97F9"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEEFFE2C-BAA1-4879-8198-3FD8433117C6"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "263ED902-F90D-44D1-A19B-CD7C1C96C918"
          },
          {
            "criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F0B5687-BB44-455A-99C9-5A1A31170783"
          },
          {
            "criteria": "cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A721B7B-6A30-4671-8ED7-FB10A51585ED",
            "versionEndIncluding": "10.6.1"
          },
          {
            "criteria": "cpe:2.3:a:symantec:messaging_gateway_for_service_providers:10.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E43B415E-7C78-4DE8-9075-30A17A026DA4"
          },
          {
            "criteria": "cpe:2.3:a:symantec:messaging_gateway_for_service_providers:10.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02C60D4C-9A49-45EC-AC34-09B312B56D22"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30C55CDA-FE49-4870-800B-BEDD0AD2128A",
            "versionEndIncluding": "7.0.5"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_engine:7.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10A30D31-6D0A-48B0-9D96-7FECE032F288"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_engine:7.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "139B24CF-61DE-4891-BCB8-E2199067FD13"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_engine:7.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10F4C9B3-48EA-4E57-B7E9-1E51E7D87F31"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_engine:7.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3B74A56-84F4-47AA-99BE-91F147B56FD7"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_engine:7.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F235281-B0A6-4099-9E90-4EFDA3349E23"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_engine:7.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D00F417-0D5F-43CA-8F01-66615CC32E49"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "580CEE93-D3FA-4D94-909B-DCBD18889E7F"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FE3368B-DB3A-4EA2-8A8F-C6B8E78FCD00"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FC77EBB-A8E6-4CA4-9CEE-03EFF8E57DB7"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F79636A0-C052-4F7C-B968-38959FABBA2C"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9369C5EC-B72D-485C-A0C2-72A86F65192D"
          },
          {
            "criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67610E7A-D88F-40FD-9559-D020090FF000"
          },
          {
            "criteria": "cpe:2.3:a:symantec:web_gateway:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D32D1F17-65A7-49F7-B2C7-4AF4F5B8E311"
          },
          {
            "criteria": "cpe:2.3:a:symantec:web_security.cloud:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82F1B16C-252B-4390-8CC9-B4509A0F0F13"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References