Details of VAR-201606-0106

ID

VAR-201606-0106

CVE

CVE-2016-3645

TITLE

plural Symantec Product decompression engine TNEF Unpacker integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-003446

DESCRIPTION

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data. plural Symantec Product decompression engine TNEF Unpacker contains an integer overflow vulnerability.Skillfully crafted by a third party TNEF There is a possibility of unspecified influence through the data. Multiple Symantec products are prone to an integer-overflow vulnerability. Successful exploits may allow the attacker to execute arbitrary code on a vulnerable system. Failed exploit attempts likely result in denial-of-service conditions. ATP is a set of software for mining and removing advanced threats in terminals, networks and email gateways; SES: CSP is a lightweight intrusion detection and prevention system client product; SDCS: SA is a software-defined data center Physical and virtual servers provide security protection. An integer overflow vulnerability exists in the TNEF unpacker of the AntiVirus Decomposer engine of several Symantec and Norton products. The following products and versions are affected: Symantec ATP, SDCS: SA 6.6 MP1 and 6.5 MP1, Critical System Protection (SCSP) 5.2.9 MP6, SES: CSP 1.0 MP5 and 6.5.0 MP1, Symantec Web Security

Trust: 2.07

sources: NVD: CVE-2016-3645 // JVNDB: JVNDB-2016-003446 // BID: 91439 // VULHUB: VHN-92464 // VULMON: CVE-2016-3645

AFFECTED PRODUCTS

vendor:	symantec	model:	message gateway for service providers	scope:	eq	version:	10.6	Trust: 1.6
vendor:	symantec	model:	message gateway for service providers	scope:	eq	version:	10.5	Trust: 1.6
vendor:	symantec	model:	data center security server	scope:	eq	version:	6.0	Trust: 1.6
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5.8	Trust: 1.6
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1.6	Trust: 1.6
vendor:	symantec	model:	protection engine	scope:	eq	version:	7.8.0	Trust: 1.0
vendor:	symantec	model:	norton security	scope:	lte	version:	13.0.1	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	lte	version:	7.0.4	Trust: 1.0
vendor:	symantec	model:	data center security server	scope:	eq	version:	6.6	Trust: 1.0
vendor:	symantec	model:	norton power eraser	scope:	lte	version:	5.0	Trust: 1.0
vendor:	symantec	model:	mail security for domino	scope:	lte	version:	8.0.9	Trust: 1.0
vendor:	symantec	model:	mail security for domino	scope:	gte	version:	8.1	Trust: 1.0
vendor:	symantec	model:	norton internet security	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	mail security for domino	scope:	gte	version:	8.0	Trust: 1.0
vendor:	symantec	model:	mail security for domino	scope:	lte	version:	8.1.3	Trust: 1.0
vendor:	symantec	model:	protection for sharepoint servers	scope:	lte	version:	6.0.6	Trust: 1.0
vendor:	symantec	model:	protection for sharepoint servers	scope:	gte	version:	6.03	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	gte	version:	7.5	Trust: 1.0
vendor:	symantec	model:	protection for sharepoint servers	scope:	gte	version:	6.0	Trust: 1.0
vendor:	symantec	model:	data center security server	scope:	eq	version:	6.5	Trust: 1.0
vendor:	symantec	model:	message gateway	scope:	lte	version:	10.6.1-3	Trust: 1.0
vendor:	symantec	model:	ngc	scope:	lte	version:	22.6	Trust: 1.0
vendor:	symantec	model:	norton security	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	norton bootable removal tool	scope:	lte	version:	2016.0	Trust: 1.0
vendor:	symantec	model:	csapi	scope:	lte	version:	10.0.4	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	gte	version:	7.0	Trust: 1.0
vendor:	symantec	model:	mail security for microsoft exchange	scope:	lte	version:	7.5.4	Trust: 1.0
vendor:	symantec	model:	norton security with backup	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	gte	version:	7.5.0	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	lte	version:	7.0.5	Trust: 1.0
vendor:	symantec	model:	protection engine	scope:	lte	version:	7.5.4	Trust: 1.0
vendor:	symantec	model:	advanced threat protection	scope:	lte	version:	2.0.3	Trust: 1.0
vendor:	symantec	model:	protection for sharepoint servers	scope:	lte	version:	6.05	Trust: 1.0
vendor:	symantec	model:	norton 360	scope:	eq	version:	*	Trust: 1.0
vendor:	symantec	model:	norton security with backup	scope:	eq	version:	ngc 22.7	Trust: 0.8
vendor:	symantec	model:	protection engine	scope:	eq	version:	(spe) 7.8.0	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	eq	version:	(sdcs:s) 6.6	Trust: 0.8
vendor:	symantec	model:	message gateway for service providers	scope:	eq	version:	(smg-sp) 10.5	Trust: 0.8
vendor:	symantec	model:	norton 360	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	protection engine	scope:	lte	version:	(spe) 7.5.4 and earlier	Trust: 0.8
vendor:	symantec	model:	web gateway	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	norton security with backup	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	web security	scope:	eq	version:	.cloud	Trust: 0.8
vendor:	symantec	model:	mail security for domino	scope:	lte	version:	(smsdom) 8.0.9 and earlier	Trust: 0.8
vendor:	symantec	model:	advanced threat protection	scope:	lte	version:	(atp) 2.0.3 and earlier	Trust: 0.8
vendor:	symantec	model:	norton bootable removal tool	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	csapi	scope:	lte	version:	10.0.4 and earlier	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	eq	version:	(sdcs:s) 6.0	Trust: 0.8
vendor:	symantec	model:	endpoint protection	scope:	lte	version:	for mac (sep for mac) 12.1.6 mp4 and earlier	Trust: 0.8
vendor:	symantec	model:	message gateway for service providers	scope:	eq	version:	(smg-sp) 10.6	Trust: 0.8
vendor:	symantec	model:	protection for sharepoint servers	scope:	eq	version:	(spss) 6.03 to 6.05	Trust: 0.8
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	(smsmse) 6.5.8	Trust: 0.8
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	ngc 22.7	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	eq	version:	(sdcs:s) 6.5mp1	Trust: 0.8
vendor:	symantec	model:	norton security	scope:	eq	version:	ngc 22.7	Trust: 0.8
vendor:	symantec	model:	endpoint protection	scope:	lte	version:	for linux (sep for linux) 12.1.6 mp4 and earlier	Trust: 0.8
vendor:	symantec	model:	mail security for microsoft exchange	scope:	lte	version:	(smsmse) 7.0.4 and earlier	Trust: 0.8
vendor:	symantec	model:	norton security	scope:	eq	version:	for mac 13.0.2	Trust: 0.8
vendor:	symantec	model:	norton internet security	scope:	eq	version:	ngc 22.7	Trust: 0.8
vendor:	symantec	model:	protection for sharepoint servers	scope:	lte	version:	(spss) 6.0.6 and earlier	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	eq	version:	(sdcs:s) 6.5	Trust: 0.8
vendor:	symantec	model:	mail security for microsoft exchange	scope:	lte	version:	(smsmse) 7.5.4 and earlier	Trust: 0.8
vendor:	symantec	model:	norton security	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	norton power eraser	scope:	eq	version:	(npe) 5.1	Trust: 0.8
vendor:	symantec	model:	norton bootable removal tool	scope:	eq	version:	(nbrt) 2016.1	Trust: 0.8
vendor:	symantec	model:	endpoint protection	scope:	lte	version:	(sep) 12.1.6 mp4 and earlier	Trust: 0.8
vendor:	symantec	model:	norton product family	scope:	eq	version:	ngc 22.7	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	eq	version:	(sdcs:s) 6.0mp1	Trust: 0.8
vendor:	symantec	model:	data center security:server	scope:	eq	version:	(sdcs:s) 6.6mp1	Trust: 0.8
vendor:	symantec	model:	norton 360	scope:	eq	version:	ngc 22.7	Trust: 0.8
vendor:	symantec	model:	message gateway	scope:	lte	version:	(smg) 10.6.1-3 and earlier	Trust: 0.8
vendor:	symantec	model:	norton antivirus	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	norton product family	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	norton power eraser	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	mail security for domino	scope:	lte	version:	(smsdom) 8.1.3 and earlier	Trust: 0.8
vendor:	symantec	model:	norton internet security	scope:	lt	version:	everything	Trust: 0.8
vendor:	symantec	model:	protection engine	scope:	lte	version:	(spe) 7.0.5 and earlier	Trust: 0.8
vendor:	symantec	model:	email security server	scope:	eq	version:	.cloud (ess)	Trust: 0.8
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4000.2295	Trust: 0.6
vendor:	symantec	model:	endpoint protection ru6	scope:	eq	version:	11.0	Trust: 0.6
vendor:	symantec	model:	advanced threat protection	scope:	eq	version:	2.0.3	Trust: 0.6
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	7.0.4	Trust: 0.6
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	5.0	Trust: 0.3
vendor:	symantec	model:	web gateway	scope:	eq	version:	4.5	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5.6	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5.1	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.11	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.10	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.9	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.8	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.7	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.6	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.13	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.12	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.11	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.10.382	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.10	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	4.5	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	4.0	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.5.5	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.13	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.12	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	6.0.0.1	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.7.373	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.6.368	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.4.363	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	5.0.0.024	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	4.6.8.120	Trust: 0.3
vendor:	symantec	model:	mail security for microsoft exchange	scope:	eq	version:	4.6.5.12	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.6	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.10	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.9	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.8	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.7	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.6	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.325	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	5.1	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	5.0.47	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.1.4	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.1	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.0	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.9	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0.8	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	8.0	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.5.32	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.4.29	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.3.25	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.12	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.11	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5.0.19	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	7.5	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	5.1.4.32	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	5.1.2.28	Trust: 0.3
vendor:	symantec	model:	mail security for domino	scope:	eq	version:	4.1.9.37	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4010.26	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4010.19	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4000	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.3001.2224	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2020.56	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2010.25	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2001.10	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2000.1567	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.781.1287	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.780.1109	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	12.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.6200.754	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.4202.75	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0.3001	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp2	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp1	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp2	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection mp1	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru7 mp2	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru7 mp1	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6mp2	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6mp1	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6a	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6-mp3(11.0.63	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6-mp2(11.0.62	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6-mp1(11.0.61	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6 mp4	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6 mp3	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6 mp2	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru6 mp1	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru5	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru4	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection mr3	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection mr2	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection mr1	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0	Trust: 0.3
vendor:	symantec	model:	endpoint protection ru7	scope:	eq	version:	11	Trust: 0.3

sources: BID: 91439 // JVNDB: JVNDB-2016-003446 // NVD: CVE-2016-3645 // CNNVD: CNNVD-201606-631

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-3645
value:	CRITICAL
Trust: 1.8
CNNVD:	CNNVD-201606-631
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-92464
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-3645
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	TRUE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2016-3645
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9
VULHUB:	VHN-92464
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2016-3645
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-92464 // VULMON: CVE-2016-3645 // JVNDB: JVNDB-2016-003446 // NVD: CVE-2016-3645 // CNNVD: CNNVD-201606-631

PROBLEMTYPE DATA

problemtype:

CWE-189

Trust: 1.9

sources: VULHUB: VHN-92464 // JVNDB: JVNDB-2016-003446 // NVD: CVE-2016-3645

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-631

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201606-631

CONFIGURATIONS

sources: NVD: CVE-2016-3645

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-92464 // VULMON: CVE-2016-3645

PATCH

title:	SYM16-010	url:	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00	Trust: 0.8
title:	Multiple Symantec and Norton Product Integer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62540	Trust: 0.6
title:	Symantec Security Advisories: Symantec Decomposer Engine Multiple Parsing Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=2d4155876d3176fc7fb3548ce33b0a8f	Trust: 0.1

sources: VULMON: CVE-2016-3645 // JVNDB: JVNDB-2016-003446 // CNNVD: CNNVD-201606-631

EXTERNAL IDS

db:	NVD	id:	CVE-2016-3645	Trust: 2.9
db:	BID	id:	91439	Trust: 2.1
db:	SECTRACK	id:	1036199	Trust: 1.8
db:	SECTRACK	id:	1036198	Trust: 1.8
db:	EXPLOIT-DB	id:	40035	Trust: 1.8
db:	USCERT	id:	TA16-187A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-003446	Trust: 0.8
db:	CNNVD	id:	CNNVD-201606-631	Trust: 0.7
db:	PACKETSTORM	id:	137710	Trust: 0.1
db:	VULHUB	id:	VHN-92464	Trust: 0.1
db:	VULMON	id:	CVE-2016-3645	Trust: 0.1

sources: VULHUB: VHN-92464 // VULMON: CVE-2016-3645 // BID: 91439 // JVNDB: JVNDB-2016-003446 // NVD: CVE-2016-3645 // CNNVD: CNNVD-201606-631

REFERENCES

url:	https://www.exploit-db.com/exploits/40035/	Trust: 1.9
url:	http://www.securityfocus.com/bid/91439	Trust: 1.8
url:	http://www.securitytracker.com/id/1036198	Trust: 1.8
url:	http://www.securitytracker.com/id/1036199	Trust: 1.8
url:	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3645	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20160705-symantec.html	Trust: 0.8
url:	http://jvn.jp/ta/jvnta99096686/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3645	Trust: 0.8
url:	https://www.us-cert.gov/ncas/alerts/ta16-187a	Trust: 0.8
url:	http://www.symantec.com	Trust: 0.3
url:	https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/189.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=49055	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-92464 // VULMON: CVE-2016-3645 // BID: 91439 // JVNDB: JVNDB-2016-003446 // NVD: CVE-2016-3645 // CNNVD: CNNVD-201606-631

CREDITS

Tavis Ormandy with Google's Project Zero

Trust: 0.6

sources: CNNVD: CNNVD-201606-631

SOURCES

db:	VULHUB	id:	VHN-92464
db:	VULMON	id:	CVE-2016-3645
db:	BID	id:	91439
db:	JVNDB	id:	JVNDB-2016-003446
db:	NVD	id:	CVE-2016-3645
db:	CNNVD	id:	CNNVD-201606-631

LAST UPDATE DATE

2023-12-18T13:03:18.520000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-92464	date:	2020-05-11T00:00:00
db:	VULMON	id:	CVE-2016-3645	date:	2020-05-11T00:00:00
db:	BID	id:	91439	date:	2016-07-06T15:08:00
db:	JVNDB	id:	JVNDB-2016-003446	date:	2016-07-07T00:00:00
db:	NVD	id:	CVE-2016-3645	date:	2020-05-11T19:23:07.310
db:	CNNVD	id:	CNNVD-201606-631	date:	2019-07-17T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-92464	date:	2016-06-30T00:00:00
db:	VULMON	id:	CVE-2016-3645	date:	2016-06-30T00:00:00
db:	BID	id:	91439	date:	2016-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2016-003446	date:	2016-07-07T00:00:00
db:	NVD	id:	CVE-2016-3645	date:	2016-06-30T23:59:06.747
db:	CNNVD	id:	CNNVD-201606-631	date:	2016-06-29T00:00:00