Intrusion Prevention

Symantec.Decomposer.Engine.ZIP.Compression.Memory.Access

Description

This indicates an attack attempt to exploit an out of bound Memory Access vulnerability in multiple Symantec products.
The vulnerability is due to a lack of boundary checks in the application when handling a crafted ZIP file. A remote attacker can exploit this to gain access to sensitive information.

Affected Products

Symantec Data Center Security:Server (SDCS:S) 6.0, 6.0MP1, 6.5, 6.5MP1, 6.6, 6.6MP1
Symantec Web Security .Cloud
Email Security Server .Cloud (ESS)
Symantec Web Gateway 12.1.6 MP4 and prior
Symantec Endpoint Protection (SEP) 12.1.6 MP4 and prior
Symantec Endpoint Protection for Mac (SEP for Mac) 12.1.6 MP4 and prior
Symantec Endpoint Protection for Linux (SEP for Linux) 12.1.6 MP4 and prior
Symantec Protection Engine (SPE) 7.8.0 and prior
Symantec Protection for SharePoint Servers (SPSS) 6.0.6 and prior
Symantec Mail Security for Microsoft Exchange (SMSMSE) 7.5.4 and prior
Symantec Mail Security for Domino (SMSDOM) 8.1.3 and prior
CSAPI 10.0.4 and prior
Symantec Message Gateway (SMG) SMG 10.6.1-3 and prior
Symantec Message Gateway for Service Providers (SMG-SP) 10.5 and 10.6
Norton AntiVirus prior to NGC 22.7
Norton Security prior to NGC 22.7
Norton Security with Backup prior to NGC 22.7
Norton Internet Security prior to NGC 22.7
Norton 360 prior to NGC 22.7
Norton Security for Mac prior to 13.0.2
Norton Power Eraser (NPE) prior to 5.1
Norton Bootable Removal Tool (NBRT) prior to 2016.1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

CVE References

CVE-2016-3646