Sign-up

ID

VAR-201606-0019


CVE

CVE-2016-2211


TITLE

plural Symantec Vulnerability in arbitrary code execution in the product decompression engine

Trust: 0.8

sources: JVNDB: JVNDB-2016-003444

DESCRIPTION

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CAB file that is mishandled during decompression. plural Symantec The product decompression engine could execute arbitrary code or interfere with service operation ( Memory corruption ) There are vulnerabilities that are put into a state.Skillfully crafted by a third party to be processed incorrectly during thawing CAB Arbitrary code is executed via a file, or denial of service ( Memory corruption ) There is a possibility of being put into a state. Multiple Symantec products are prone to a memory-corruption vulnerability. An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. ATP is a set of software for mining and removing advanced threats in terminals, networks and email gateways; SES: CSP is a lightweight intrusion detection and prevention system client product; SDCS: SA is a software-defined data center Physical and virtual servers provide security protection. A memory corruption vulnerability exists in the CAB decompression process of the AntiVirus Decomposer engine of several Symantec and Norton products. The following products and versions are affected: Symantec ATP, SDCS: SA 6.6 MP1 and 6.5 MP1, Critical System Protection (SCSP) 5.2.9 MP6, SES: CSP 1.0 MP5 and 6.5.0 MP1, Symantec Web Security

Trust: 2.07

sources: NVD: CVE-2016-2211 // JVNDB: JVNDB-2016-003444 // BID: 91438 // VULHUB: VHN-91030 // VULMON: CVE-2016-2211

AFFECTED PRODUCTS

vendor:symantecmodel:message gateway for service providersscope:eqversion:10.6

Trust: 1.6

vendor:symantecmodel:protection enginescope:eqversion:7.8.0

Trust: 1.6

vendor:symantecmodel:message gateway for service providersscope:eqversion:10.5

Trust: 1.6

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.5.8

Trust: 1.6

vendor:symantecmodel:endpoint protectionscope:eqversion:12.1.6

Trust: 1.6

vendor:symantecmodel:norton securityscope:lteversion:13.0.1

Trust: 1.0

vendor:symantecmodel:protection for sharepoint serversscope:eqversion:6.06

Trust: 1.0

vendor:symantecmodel:mail security for dominoscope:lteversion:8.0.9

Trust: 1.0

vendor:symantecmodel:norton power eraserscope:lteversion:5.0

Trust: 1.0

vendor:symantecmodel:mail security for dominoscope:gteversion:8.1

Trust: 1.0

vendor:symantecmodel:norton internet securityscope:eqversion:*

Trust: 1.0

vendor:symantecmodel:data center security serverscope:eqversion:6.6

Trust: 1.0

vendor:symantecmodel:protection for sharepoint serversscope:eqversion:6.04

Trust: 1.0

vendor:symantecmodel:protection enginescope:lteversion:7.0.5

Trust: 1.0

vendor:symantecmodel:mail security for dominoscope:gteversion:8.0

Trust: 1.0

vendor:symantecmodel:mail security for dominoscope:lteversion:8.1.3

Trust: 1.0

vendor:symantecmodel:protection enginescope:gteversion:7.0.0

Trust: 1.0

vendor:symantecmodel:norton antivirusscope:eqversion:*

Trust: 1.0

vendor:symantecmodel:protection for sharepoint serversscope:eqversion:6.05

Trust: 1.0

vendor:symantecmodel:data center security serverscope:eqversion:6.0

Trust: 1.0

vendor:symantecmodel:mail security for microsoft exchangescope:gteversion:7.5

Trust: 1.0

vendor:symantecmodel:message gatewayscope:lteversion:10.6.1-3

Trust: 1.0

vendor:symantecmodel:data center security serverscope:eqversion:6.5

Trust: 1.0

vendor:symantecmodel:ngcscope:lteversion:22.6

Trust: 1.0

vendor:symantecmodel:advanced threat protectionscope:lteversion:2.0.3

Trust: 1.0

vendor:symantecmodel:norton security with backupscope:eqversion:*

Trust: 1.0

vendor:symantecmodel:mail security for microsoft exchangescope:gteversion:7.0

Trust: 1.0

vendor:symantecmodel:norton bootable removal toolscope:lteversion:2016.0

Trust: 1.0

vendor:symantecmodel:mail security for microsoft exchangescope:lteversion:7.5.4

Trust: 1.0

vendor:symantecmodel:protection for sharepoint serversscope:eqversion:6.03

Trust: 1.0

vendor:symantecmodel:protection enginescope:gteversion:7.5.0

Trust: 1.0

vendor:symantecmodel:csapiscope:lteversion:10.0.4

Trust: 1.0

vendor:symantecmodel:mail security for microsoft exchangescope:lteversion:7.0.4

Trust: 1.0

vendor:symantecmodel:protection enginescope:lteversion:7.5.4

Trust: 1.0

vendor:symantecmodel:norton securityscope:eqversion:*

Trust: 1.0

vendor:symantecmodel:norton 360scope:eqversion:*

Trust: 1.0

vendor:symantecmodel:norton security with backupscope:eqversion:ngc 22.7

Trust: 0.8

vendor:symantecmodel:protection enginescope:eqversion:(spe) 7.8.0

Trust: 0.8

vendor:symantecmodel:data center security:serverscope:eqversion:(sdcs:s) 6.6

Trust: 0.8

vendor:symantecmodel:message gateway for service providersscope:eqversion:(smg-sp) 10.5

Trust: 0.8

vendor:symantecmodel:norton 360scope:ltversion:everything

Trust: 0.8

vendor:symantecmodel:protection enginescope:lteversion:(spe) 7.5.4 and earlier

Trust: 0.8

vendor:symantecmodel:web gatewayscope: - version: -

Trust: 0.8

vendor:symantecmodel:norton security with backupscope:ltversion:everything

Trust: 0.8

vendor:symantecmodel:web securityscope:eqversion:.cloud

Trust: 0.8

vendor:symantecmodel:mail security for dominoscope:lteversion:(smsdom) 8.0.9 and earlier

Trust: 0.8

vendor:symantecmodel:advanced threat protectionscope:lteversion:(atp) 2.0.3 and earlier

Trust: 0.8

vendor:symantecmodel:norton bootable removal toolscope:ltversion:everything

Trust: 0.8

vendor:symantecmodel:csapiscope:lteversion:10.0.4 and earlier

Trust: 0.8

vendor:symantecmodel:data center security:serverscope:eqversion:(sdcs:s) 6.0

Trust: 0.8

vendor:symantecmodel:endpoint protectionscope:lteversion:for mac (sep for mac) 12.1.6 mp4 and earlier

Trust: 0.8

vendor:symantecmodel:message gateway for service providersscope:eqversion:(smg-sp) 10.6

Trust: 0.8

vendor:symantecmodel:protection for sharepoint serversscope:eqversion:(spss) 6.03 to 6.05

Trust: 0.8

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:(smsmse) 6.5.8

Trust: 0.8

vendor:symantecmodel:norton antivirusscope:eqversion:ngc 22.7

Trust: 0.8

vendor:symantecmodel:data center security:serverscope:eqversion:(sdcs:s) 6.5mp1

Trust: 0.8

vendor:symantecmodel:norton securityscope:eqversion:ngc 22.7

Trust: 0.8

vendor:symantecmodel:endpoint protectionscope:lteversion:for linux (sep for linux) 12.1.6 mp4 and earlier

Trust: 0.8

vendor:symantecmodel:mail security for microsoft exchangescope:lteversion:(smsmse) 7.0.4 and earlier

Trust: 0.8

vendor:symantecmodel:norton securityscope:eqversion:for mac 13.0.2

Trust: 0.8

vendor:symantecmodel:norton internet securityscope:eqversion:ngc 22.7

Trust: 0.8

vendor:symantecmodel:protection for sharepoint serversscope:lteversion:(spss) 6.0.6 and earlier

Trust: 0.8

vendor:symantecmodel:data center security:serverscope:eqversion:(sdcs:s) 6.5

Trust: 0.8

vendor:symantecmodel:mail security for microsoft exchangescope:lteversion:(smsmse) 7.5.4 and earlier

Trust: 0.8

vendor:symantecmodel:norton securityscope:ltversion:everything

Trust: 0.8

vendor:symantecmodel:norton power eraserscope:eqversion:(npe) 5.1

Trust: 0.8

vendor:symantecmodel:norton bootable removal toolscope:eqversion:(nbrt) 2016.1

Trust: 0.8

vendor:symantecmodel:endpoint protectionscope:lteversion:(sep) 12.1.6 mp4 and earlier

Trust: 0.8

vendor:symantecmodel:norton product familyscope:eqversion:ngc 22.7

Trust: 0.8

vendor:symantecmodel:data center security:serverscope:eqversion:(sdcs:s) 6.0mp1

Trust: 0.8

vendor:symantecmodel:data center security:serverscope:eqversion:(sdcs:s) 6.6mp1

Trust: 0.8

vendor:symantecmodel:norton 360scope:eqversion:ngc 22.7

Trust: 0.8

vendor:symantecmodel:message gatewayscope:lteversion:(smg) 10.6.1-3 and earlier

Trust: 0.8

vendor:symantecmodel:norton antivirusscope:ltversion:everything

Trust: 0.8

vendor:symantecmodel:norton product familyscope:ltversion:everything

Trust: 0.8

vendor:symantecmodel:norton power eraserscope:ltversion:everything

Trust: 0.8

vendor:symantecmodel:mail security for dominoscope:lteversion:(smsdom) 8.1.3 and earlier

Trust: 0.8

vendor:symantecmodel:norton internet securityscope:ltversion:everything

Trust: 0.8

vendor:symantecmodel:protection enginescope:lteversion:(spe) 7.0.5 and earlier

Trust: 0.8

vendor:symantecmodel:email security serverscope:eqversion:.cloud (ess)

Trust: 0.8

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.4000.2295

Trust: 0.6

vendor:symantecmodel:endpoint protection ru6scope:eqversion:11.0

Trust: 0.6

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:7.0.4

Trust: 0.6

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:7.5.4

Trust: 0.6

vendor:symantecmodel:norton bootable removal toolscope:eqversion:2016.0

Trust: 0.6

vendor:symantecmodel:web gatewayscope:eqversion:5.0.3

Trust: 0.3

vendor:symantecmodel:web gatewayscope:eqversion:5.0.1

Trust: 0.3

vendor:symantecmodel:web gatewayscope:eqversion:5.0

Trust: 0.3

vendor:symantecmodel:web gatewayscope:eqversion:4.5

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.5.6

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.5.1

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.5

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.0.11

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.0.10

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.0.9

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.0.8

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.0.7

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.0.6

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.0.5

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.0

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:5.0.13

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:5.0.12

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:5.0.11

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:5.0.10.382

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:5.0.10

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:4.5

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:4.0

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.5.5

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.0.13

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.0.12

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:6.0.0.1

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:5.0.7.373

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:5.0.6.368

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:5.0.4.363

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:5.0.0.024

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:4.6.8.120

Trust: 0.3

vendor:symantecmodel:mail security for microsoft exchangescope:eqversion:4.6.5.12

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:8.0.6

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:8.0.3

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:8.0.2

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:8.0.1

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5.10

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5.9

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5.8

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5.7

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5.6

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5.325

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:5.1

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:5.0.47

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:4.1.4

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:4.1

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:4.0.1

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:4.0

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:8.0.9

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:8.0.8

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:8.0

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5.5.32

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5.4.29

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5.3.25

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5.12

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5.11

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5.0.19

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:7.5

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:5.1.4.32

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:5.1.2.28

Trust: 0.3

vendor:symantecmodel:mail security for dominoscope:eqversion:4.1.9.37

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.4010.26

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.4010.19

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.4000

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.3001.2224

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.2020.56

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.2010.25

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.2001.10

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.2000.1567

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.781.1287

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.780.1109

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.2

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.1

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:12.1

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:12.0

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.6200.754

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.4202.75

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0.3001

Trust: 0.3

vendor:symantecmodel:endpoint protection mp2scope:eqversion:11.0.2

Trust: 0.3

vendor:symantecmodel:endpoint protection mp1scope:eqversion:11.0.2

Trust: 0.3

vendor:symantecmodel:endpoint protection mp2scope:eqversion:11.0.1

Trust: 0.3

vendor:symantecmodel:endpoint protection mp1scope:eqversion:11.0.1

Trust: 0.3

vendor:symantecmodel:endpoint protection ru7 mp2scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru7 mp1scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru6mp2scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru6mp1scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru6ascope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru6-mp3(11.0.63scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru6-mp2(11.0.62scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru6-mp1(11.0.61scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru6 mp4scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru6 mp3scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru6 mp2scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru6 mp1scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru5scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru4scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection mr3scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection mr2scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection mr1scope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protectionscope:eqversion:11.0

Trust: 0.3

vendor:symantecmodel:endpoint protection ru7scope:eqversion:11

Trust: 0.3

sources: BID: 91438 // JVNDB: JVNDB-2016-003444 // NVD: CVE-2016-2211 // CNNVD: CNNVD-201606-629

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-2211
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201606-629
value: HIGH

Trust: 0.6

VULHUB: VHN-91030
value: HIGH

Trust: 0.1

VULMON: CVE-2016-2211
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2016-2211
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

VULHUB: VHN-91030
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2016-2211
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-91030 // VULMON: CVE-2016-2211 // JVNDB: JVNDB-2016-003444 // NVD: CVE-2016-2211 // CNNVD: CNNVD-201606-629

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-91030 // JVNDB: JVNDB-2016-003444 // NVD: CVE-2016-2211

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201606-629

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201606-629

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-2211

PATCH
title:SYM16-010url:https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00
Trust: 0.8
title:Multiple Symantec  and Norton Product memory corruption vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62538
Trust: 0.6
title:Symantec Security Advisories: Symantec Decomposer Engine Multiple Parsing Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=2d4155876d3176fc7fb3548ce33b0a8f
Trust: 0.1
sources:
            
            
            VULMON: CVE-2016-2211 // 
            
            
            
            JVNDB: JVNDB-2016-003444 // 
            
            
            
            CNNVD: CNNVD-201606-629

EXTERNAL IDS
db:NVDid:CVE-2016-2211
Trust: 2.9
db:BIDid:91438
Trust: 2.1
db:SECTRACKid:1036198
Trust: 1.8
db:SECTRACKid:1036199
Trust: 1.8
db:USCERTid:TA16-187A
Trust: 0.8
db:JVNDBid:JVNDB-2016-003444
Trust: 0.8
db:CNNVDid:CNNVD-201606-629
Trust: 0.7
db:PACKETSTORMid:137708
Trust: 0.1
db:VULHUBid:VHN-91030
Trust: 0.1
db:VULMONid:CVE-2016-2211
Trust: 0.1
sources:
            
            
            VULHUB: VHN-91030 // 
            
            
            
            VULMON: CVE-2016-2211 // 
            
            
            
            BID: 91438 // 
            
            
            
            JVNDB: JVNDB-2016-003444 // 
            
            
            
            NVD: CVE-2016-2211 // 
            
            
            
            CNNVD: CNNVD-201606-629

REFERENCES
url:http://www.securityfocus.com/bid/91438
Trust: 1.9
url:http://www.securitytracker.com/id/1036198
Trust: 1.8
url:http://www.securitytracker.com/id/1036199
Trust: 1.8
url:https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2211
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20160705-symantec.html
Trust: 0.8
url:http://jvn.jp/ta/jvnta99096686/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2211
Trust: 0.8
url:https://www.us-cert.gov/ncas/alerts/ta16-187a
Trust: 0.8
url:http://www.symantec.com
Trust: 0.3
url:https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.symantec.com/en_us/article.symsa1371.html
Trust: 0.1
sources:
            
            
            VULHUB: VHN-91030 // 
            
            
            
            VULMON: CVE-2016-2211 // 
            
            
            
            BID: 91438 // 
            
            
            
            JVNDB: JVNDB-2016-003444 // 
            
            
            
            NVD: CVE-2016-2211 // 
            
            
            
            CNNVD: CNNVD-201606-629

CREDITS
Tavis Ormandy with Google's Project Zero
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201606-629

SOURCES
db:VULHUBid:VHN-91030
db:VULMONid:CVE-2016-2211
db:BIDid:91438
db:JVNDBid:JVNDB-2016-003444
db:NVDid:CVE-2016-2211
db:CNNVDid:CNNVD-201606-629

LAST UPDATE DATE
2023-12-18T13:03:18.697000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-91030date:2020-05-11T00:00:00
db:VULMONid:CVE-2016-2211date:2021-09-08T00:00:00
db:BIDid:91438date:2016-07-06T15:08:00
db:JVNDBid:JVNDB-2016-003444date:2016-07-07T00:00:00
db:NVDid:CVE-2016-2211date:2021-09-08T17:19:33
db:CNNVDid:CNNVD-201606-629date:2019-08-15T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-91030date:2016-06-30T00:00:00
db:VULMONid:CVE-2016-2211date:2016-06-30T00:00:00
db:BIDid:91438date:2016-06-28T00:00:00
db:JVNDBid:JVNDB-2016-003444date:2016-07-07T00:00:00
db:NVDid:CVE-2016-2211date:2016-06-30T23:59:04.730
db:CNNVDid:CNNVD-201606-629date:2016-06-29T00:00:00