Intrusion Prevention

Symantec.Decomposer.Engine.MSPACK.DoS

Description

This indicates an attack attempt to exploit a Denial-Of-Service vulnerability in multiple Symantec products.
The vulnerability is due to improper handling of decompression callbacks when processing Cabinet files leading to a nULL pointer dereference. A remote attacker may be able to exploit this to cause a denial of service condition on the system, via a crafted file.

Affected Products

Norton 360 prior to NGC 22.7
Norton Bootable Removal Tool prior to 2016.1
Norton Power Eraser prior to 5.1
Norton Security prior to NGC 22.7
Symantec CSAPI prior to 10.0.4 HF01
Symantec Data Center Security: Server Advanced 6.5 MP1
Symantec Data Center Security: Server Advanced 6.6 MP1
Symantec Endpoint Protection prior to 12.1-RU6-MP5
Symantec Mail Security for Domino 8.1.3 and prior
Symantec Mail Security for Microsoft Exchange 7.5.4 and prior
Symantec Mail Security for Microsoft Exchange 7.5.4 and prior
Symantec Message Gateway prior to 10.6.1-4
Symantec Norton Antivirus prior to NGC 22.7
Symantec Norton Internet Security prior to NGC 22.7
Symantec Protection Engine 7.8.0
Symantec Protection Engine prior to 7.5.4
Symantec Protection for SharePoint Servers 6.0.6 and prior

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

CVE References

CVE-2016-2211