Details of VAR-201606-0018

ID

VAR-201606-0018

CVE

CVE-2016-2210

TITLE

plural Symantec Product decompression engine Dec2LHA.dll Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2016-003443

DESCRIPTION

Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file. plural Symantec Product decompression engine Dec2LHA.dll Contains a buffer overflow vulnerability.A third party may be able to execute arbitrary code via a crafted file. Multiple Symantec products are prone to a buffer-overflow vulnerability. Successful exploits may allow the attacker to execute arbitrary code on a vulnerable system. Failed exploit attempts will likely result in denial-of-service conditions. ATP is a set of software for mining and removing advanced threats in terminals, networks and email gateways; SES: CSP is a lightweight intrusion detection and prevention system client product; SDCS: SA is a software-defined data center Physical and virtual servers provide security protection. The following products and versions are affected: Symantec ATP, SDCS: SA 6.6 MP1 and 6.5 MP1, Critical System Protection (SCSP) 5.2.9 MP6, SES: CSP 1.0 MP5 and 6.5.0 MP1, Symantec Web Security

Trust: 2.07

sources: NVD: CVE-2016-2210 // JVNDB: JVNDB-2016-003443 // BID: 91437 // VULHUB: VHN-91029 // VULMON: CVE-2016-2210

AFFECTED PRODUCTS

vendor:	symantec	model:	data center security server	scope:	eq	version:	6.6	Trust: 1.6
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5.8	Trust: 1.6
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.6	Trust: 1.6
vendor:	symantec	model:	message gateway for service providers	scope:	eq	version:	10.6	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.8.0	Trust: 1.0
vendor:	symantec	model:	norton security	scope:	lte	version:	13.0.1	Trust: 1.0
vendor:	symantec	model:	protection for sharepoint servers	scope:	eq	version:	6.06	Trust: 1.0
vendor:	symantec	model:	mail security for domino	scope:	lte	version:	8.0.9	Trust: 1.0
vendor:	symantec	model:	norton power eraser	scope:	lte	version:	5.0	Trust: 1.0
vendor:	symantec	model:	mail security for domino	scope:	gte	version:	8.1	Trust: 1.0
vendor:	symantec	model:	norton internet security	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	protection for sharepoint servers	scope:	eq	version:	6.04	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	lte	version:	7.0.5	Trust: 1.0
vendor:	symantec	model:	mail security for domino	scope:	gte	version:	8.0	Trust: 1.0
vendor:	symantec	model:	mail security for domino	scope:	lte	version:	8.1.3	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	protection for sharepoint servers	scope:	eq	version:	6.05	Trust: 1.0
vendor:	symantec	model:	message gateway for service providers	scope:	eq	version:	10.5	Trust: 1.0
vendor:	symantec	model:	data center security server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	gte	version:	7.5	Trust: 1.0
vendor:	symantec	model:	message gateway	scope:	lte	version:	10.6.1-3	Trust: 1.0
vendor:	symantec	model:	data center security server	scope:	eq	version:	6.5	Trust: 1.0
vendor:	symantec	model:	ngc	scope:	lte	version:	22.6	Trust: 1.0
vendor:	symantec	model:	advanced threat protection	scope:	lte	version:	2.0.3	Trust: 1.0
vendor:	symantec	model:	norton security with backup	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	gte	version:	7.0	Trust: 1.0
vendor:	symantec	model:	norton bootable removal tool	scope:	lte	version:	2016.0	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	lte	version:	7.5.4	Trust: 1.0
vendor:	symantec	model:	protection for sharepoint servers	scope:	eq	version:	6.03	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	gte	version:	7.5.0	Trust: 1.0
vendor:	symantec	model:	csapi	scope:	lte	version:	10.0.4	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	lte	version:	7.0.4	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	lte	version:	7.5.4	Trust: 1.0
vendor:	symantec	model:	norton security	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	norton 360	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	norton security with backup	scope:	eq	version:	ngc 22.7	Trust: 0.8
vendor:	symantec	model:	protection engine	scope:	eq	version:	(spe) 7.8.0	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	eq	version:	(sdcs:s) 6.6	Trust: 0.8
vendor:	symantec	model:	message gateway for service providers	scope:	eq	version:	(smg-sp) 10.5	Trust: 0.8
vendor:	symantec	model:	norton 360	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	protection engine	scope:	lte	version:	(spe) 7.5.4 and earlier	Trust: 0.8
vendor:	symantec	model:	web gateway	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	norton security with backup	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	web security	scope:	eq	version:	.cloud	Trust: 0.8
vendor:	symantec	model:	mail security for domino	scope:	lte	version:	(smsdom) 8.0.9 and earlier	Trust: 0.8
vendor:	symantec	model:	advanced threat protection	scope:	lte	version:	(atp) 2.0.3 and earlier	Trust: 0.8
vendor:	symantec	model:	norton bootable removal tool	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	csapi	scope:	lte	version:	10.0.4 and earlier	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	eq	version:	(sdcs:s) 6.0	Trust: 0.8
vendor:	symantec	model:	endpoint protection	scope:	lte	version:	for mac (sep for mac) 12.1.6 mp4 and earlier	Trust: 0.8
vendor:	symantec	model:	message gateway for service providers	scope:	eq	version:	(smg-sp) 10.6	Trust: 0.8
vendor:	symantec	model:	protection for sharepoint servers	scope:	eq	version:	(spss) 6.03 to 6.05	Trust: 0.8
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	(smsmse) 6.5.8	Trust: 0.8
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	ngc 22.7	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	eq	version:	(sdcs:s) 6.5mp1	Trust: 0.8
vendor:	symantec	model:	norton security	scope:	eq	version:	ngc 22.7	Trust: 0.8
vendor:	symantec	model:	endpoint protection	scope:	lte	version:	for linux (sep for linux) 12.1.6 mp4 and earlier	Trust: 0.8
vendor:	symantec	model:	mail security for microsoft exchange	scope:	lte	version:	(smsmse) 7.0.4 and earlier	Trust: 0.8
vendor:	symantec	model:	norton security	scope:	eq	version:	for mac 13.0.2	Trust: 0.8
vendor:	symantec	model:	norton internet security	scope:	eq	version:	ngc 22.7	Trust: 0.8
vendor:	symantec	model:	protection for sharepoint servers	scope:	lte	version:	(spss) 6.0.6 and earlier	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	eq	version:	(sdcs:s) 6.5	Trust: 0.8
vendor:	symantec	model:	mail security for microsoft exchange	scope:	lte	version:	(smsmse) 7.5.4 and earlier	Trust: 0.8
vendor:	symantec	model:	norton security	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	norton power eraser	scope:	eq	version:	(npe) 5.1	Trust: 0.8
vendor:	symantec	model:	norton bootable removal tool	scope:	eq	version:	(nbrt) 2016.1	Trust: 0.8
vendor:	symantec	model:	endpoint protection	scope:	lte	version:	(sep) 12.1.6 mp4 and earlier	Trust: 0.8
vendor:	symantec	model:	norton product family	scope:	eq	version:	ngc 22.7	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	eq	version:	(sdcs:s) 6.0mp1	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	eq	version:	(sdcs:s) 6.6mp1	Trust: 0.8
vendor:	symantec	model:	norton 360	scope:	eq	version:	ngc 22.7	Trust: 0.8
vendor:	symantec	model:	message gateway	scope:	lte	version:	(smg) 10.6.1-3 and earlier	Trust: 0.8
vendor:	symantec	model:	norton antivirus	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	norton product family	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	norton power eraser	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	mail security for domino	scope:	lte	version:	(smsdom) 8.1.3 and earlier	Trust: 0.8
vendor:	symantec	model:	norton internet security	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	protection engine	scope:	lte	version:	(spe) 7.0.5 and earlier	Trust: 0.8
vendor:	symantec	model:	email security server	scope:	eq	version:	.cloud (ess)	Trust: 0.8
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4000.2295	Trust: 0.6
vendor:	symantec	model:	endpoint protection ru6	scope:	eq	version:	11.0	Trust: 0.6
vendor:	symantec	model:	advanced threat protection	scope:	eq	version:	2.0.3	Trust: 0.6
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.0.5	Trust: 0.6
vendor:	symantec	model:	norton security	scope:	eq	version:	13.0.1	Trust: 0.6
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.5.4	Trust: 0.6
vendor:	symantec	model:	message gateway	scope:	eq	version:	10.6.1-3	Trust: 0.6
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	7.5.4	Trust: 0.6
vendor:	symantec	model:	norton power eraser	scope:	eq	version:	5.0	Trust: 0.6
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	4.5	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5.6	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.11	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.10	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.9	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.8	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.7	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.6	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.13	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.12	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.11	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.10.382	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.10	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	4.5	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	4.0	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5.5	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.13	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.12	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.0.1	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.7.373	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.6.368	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.4.363	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.0.024	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	4.6.8.120	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	4.6.5.12	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.6	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.10	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.9	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.8	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.7	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.6	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.325	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	5.1	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	5.0.47	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.1.4	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.1	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.0	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.9	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.8	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.5.32	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.4.29	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.3.25	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.12	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.11	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.0.19	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	5.1.4.32	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	5.1.2.28	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.1.9.37	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4010.26	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4010.19	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4000	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.3001.2224	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2020.56	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2010.25	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2001.10	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2000.1567	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.781.1287	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.780.1109	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.6200.754	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4202.75	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.3001	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp2	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp1	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp2	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp1	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru7 mp2	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru7 mp1	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6mp2	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6mp1	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6a	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6-mp3(11.0.63	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6-mp2(11.0.62	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6-mp1(11.0.61	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6 mp4	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6 mp3	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6 mp2	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6 mp1	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru5	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru4	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection mr3	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection mr2	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection mr1	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru7	scope:	eq	version:	11	Trust: 0.3

sources: BID: 91437 // JVNDB: JVNDB-2016-003443 // NVD: CVE-2016-2210 // CNNVD: CNNVD-201606-628

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-2210
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-201606-628
value:	HIGH
Trust: 0.6
VULHUB:	VHN-91029
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-2210
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	TRUE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2016-2210
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9
VULHUB:	VHN-91029
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	4.7
version:	3.0
Trust: 1.0
NVD:	CVE-2016-2210
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-91029 // VULMON: CVE-2016-2210 // JVNDB: JVNDB-2016-003443 // NVD: CVE-2016-2210 // CNNVD: CNNVD-201606-628

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-91029 // JVNDB: JVNDB-2016-003443 // NVD: CVE-2016-2210

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201606-628

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201606-628

CONFIGURATIONS

sources: NVD: CVE-2016-2210

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-91029 // VULMON: CVE-2016-2210

PATCH

title:	SYM16-010	url:	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00	Trust: 0.8
title:	Multiple Symantec and Norton Product Buffer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62537	Trust: 0.6
title:	Symantec Security Advisories: Symantec Decomposer Engine Multiple Parsing Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=2d4155876d3176fc7fb3548ce33b0a8f	Trust: 0.1

sources: VULMON: CVE-2016-2210 // JVNDB: JVNDB-2016-003443 // CNNVD: CNNVD-201606-628

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2210	Trust: 2.9
db:	BID	id:	91437	Trust: 2.1
db:	SECTRACK	id:	1036199	Trust: 1.8
db:	SECTRACK	id:	1036198	Trust: 1.8
db:	EXPLOIT-DB	id:	40032	Trust: 1.8
db:	USCERT	id:	TA16-187A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-003443	Trust: 0.8
db:	CNNVD	id:	CNNVD-201606-628	Trust: 0.7
db:	PACKETSTORM	id:	137707	Trust: 0.1
db:	VULHUB	id:	VHN-91029	Trust: 0.1
db:	VULMON	id:	CVE-2016-2210	Trust: 0.1

sources: VULHUB: VHN-91029 // VULMON: CVE-2016-2210 // BID: 91437 // JVNDB: JVNDB-2016-003443 // NVD: CVE-2016-2210 // CNNVD: CNNVD-201606-628

REFERENCES

url:	https://www.exploit-db.com/exploits/40032/	Trust: 1.9
url:	http://www.securityfocus.com/bid/91437	Trust: 1.8
url:	http://www.securitytracker.com/id/1036198	Trust: 1.8
url:	http://www.securitytracker.com/id/1036199	Trust: 1.8
url:	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2210	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20160705-symantec.html	Trust: 0.8
url:	http://jvn.jp/ta/jvnta99096686/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2210	Trust: 0.8
url:	https://www.us-cert.gov/ncas/alerts/ta16-187a	Trust: 0.8
url:	http://www.symantec.com	Trust: 0.3
url:	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=47120	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-91029 // VULMON: CVE-2016-2210 // BID: 91437 // JVNDB: JVNDB-2016-003443 // NVD: CVE-2016-2210 // CNNVD: CNNVD-201606-628

CREDITS

Tavis Ormandy with Google's Project Zero

Trust: 0.6

sources: CNNVD: CNNVD-201606-628

SOURCES

db:	VULHUB	id:	VHN-91029
db:	VULMON	id:	CVE-2016-2210
db:	BID	id:	91437
db:	JVNDB	id:	JVNDB-2016-003443
db:	NVD	id:	CVE-2016-2210
db:	CNNVD	id:	CNNVD-201606-628

LAST UPDATE DATE

2023-12-18T13:03:18.623000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-91029	date:	2020-05-11T00:00:00
db:	VULMON	id:	CVE-2016-2210	date:	2021-09-08T00:00:00
db:	BID	id:	91437	date:	2016-07-06T15:08:00
db:	JVNDB	id:	JVNDB-2016-003443	date:	2016-07-07T00:00:00
db:	NVD	id:	CVE-2016-2210	date:	2021-09-08T17:19:32.963
db:	CNNVD	id:	CNNVD-201606-628	date:	2019-08-15T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-91029	date:	2016-06-30T00:00:00
db:	VULMON	id:	CVE-2016-2210	date:	2016-06-30T00:00:00
db:	BID	id:	91437	date:	2016-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2016-003443	date:	2016-07-07T00:00:00
db:	NVD	id:	CVE-2016-2210	date:	2016-06-30T23:59:03.667
db:	CNNVD	id:	CNNVD-201606-628	date:	2016-06-29T00:00:00