Intrusion Prevention

Symantec.Decomposer.Engine.Dec2SS.Buffer.Overflow

Description

This indicates an attack attempt to exploit a Buffer Overflow vulnerability in multiple Symantec products.
The vulnerability is due to an error when the vulnerable software handles a read request from the stream cache in an I/O abstraction layer. A remote attacker can exploit this to execute arbitrary code via a crafted PowerPoint file.

Affected Products

Symantec Data Center Security:Server (SDCS:S) 6.0, 6.0MP1, 6.5, 6.5MP1, 6.6, 6.6MP1
Symantec Web Security .Cloud
Email Security Server .Cloud (ESS)
Symantec Web Gateway 12.1.6 MP4 and prior
Symantec Endpoint Protection (SEP) 12.1.6 MP4 and prior
Symantec Endpoint Protection for Mac (SEP for Mac) 12.1.6 MP4 and prior
Symantec Endpoint Protection for Linux (SEP for Linux) 12.1.6 MP4 and prior
Symantec Protection Engine (SPE) 7.8.0 and prior
Symantec Protection for SharePoint Servers (SPSS) 6.0.6 and prior
Symantec Mail Security for Microsoft Exchange (SMSMSE) 7.5.4 and prior
Symantec Mail Security for Domino (SMSDOM) 8.1.3 and prior
CSAPI 10.0.4 and prior
Symantec Message Gateway (SMG) SMG 10.6.1-3 and prior
Symantec Message Gateway for Service Providers (SMG-SP) 10.5 and 10.6
Norton AntiVirus prior to NGC 22.7
Norton Security prior to NGC 22.7
Norton Security with Backup prior to NGC 22.7
Norton Internet Security prior to NGC 22.7
Norton 360 prior to NGC 22.7
Norton Security for Mac prior to 13.0.2
Norton Power Eraser (NPE) prior to 5.1
Norton Bootable Removal Tool (NBRT) prior to 2016.1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

CVE References

CVE-2016-2209