Intrusion Prevention

Symantec.RAR.Decompression.Memory.Corruption

Description

This indicates an attack attempt against a memory corruption vulnerability in multiple Symantec products
The vulnerability is due to an error when the vulnerable software unpacks a crafted archive file such as ZIP and RAR. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted file.

Affected Products

Symantec Data Center Security:Server (SDCS:S) 6.0, 6.0MP1, 6.5, 6.5MP1, 6.6, 6.6MP1
Symantec Web Security .Cloud
Email Security Server .Cloud (ESS)
Symantec Web Gateway 12.1.6 MP4 and prior
Symantec Endpoint Protection (SEP) 12.1.6 MP4 and prior
Symantec Endpoint Protection for Mac (SEP for Mac) 12.1.6 MP4 and prior
Symantec Endpoint Protection for Linux (SEP for Linux) 12.1.6 MP4 and prior
Symantec Protection Engine (SPE) 7.8.0 and prior
Symantec Protection for SharePoint Servers (SPSS) 6.0.6 and prior
Symantec Mail Security for Microsoft Exchange (SMSMSE) 7.5.4 and prior
Symantec Mail Security for Domino (SMSDOM) 8.1.3 and prior
CSAPI 10.0.4 and prior
Symantec Message Gateway (SMG) SMG 10.6.1-3 and prior
Symantec Message Gateway for Service Providers (SMG-SP) 10.5 and 10.6
Norton AntiVirus prior to NGC 22.7
Norton Security prior to NGC 22.7
Norton Security with Backup prior to NGC 22.7
Norton Internet Security prior to NGC 22.7
Norton 360 prior to NGC 22.7
Norton Security for Mac prior to 13.0.2
Norton Power Eraser (NPE) prior to 5.1
Norton Bootable Removal Tool (NBRT) prior to 2016.1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

CVE References

CVE-2016-2207