Executive Summary

Informations
NameCVE-2016-3646First vendor Publication2016-06-30
VendorCveLast vendor Modification2019-07-16

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3646

CWE : Common Weakness Enumeration

%idName
100 %CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2
Application1
Application6
Application7
Application13
Application11
Application20
Application2
Application1
Application1
Application1
Application1
Application1
Application1
Application3
Application1
Application12
Application10

Snort® IPS/IDS

DateDescription
2016-08-02Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt
RuleID : 39403 - Revision : 3 - Type : FILE-OTHER
2016-08-02Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt
RuleID : 39402 - Revision : 3 - Type : FILE-OTHER

Nessus® Vulnerability Scanner

DateDescription
2016-09-09Name : A security application installed on the remote host is affected by multiple v...
File : symantec_protection_sharepoint_servers_sym16_010.nasl - Type : ACT_GATHER_INFO
2016-09-07Name : A security application installed on the remote host is affected by multiple v...
File : symantec_protection_engine_sym16_010.nasl - Type : ACT_GATHER_INFO
2016-09-07Name : A security application installed on the remote host is affected by multiple v...
File : symantec_protection_engine_sym16_010_nix.nasl - Type : ACT_GATHER_INFO
2016-07-12Name : A web security application hosted on the remote web server is affected by mul...
File : symantec_web_gateway_sym16-010.nasl - Type : ACT_GATHER_INFO
2016-07-01Name : The remote Windows host has software installed that is affected by multiple v...
File : symantec_sms_sym_16-010.nasl - Type : ACT_GATHER_INFO
2016-06-30Name : The version of Symantec Endpoint Protection Client installed on the remote ho...
File : symantec_endpoint_prot_client_sym16-010.nasl - Type : ACT_GATHER_INFO
2016-06-30Name : A messaging security application running on the remote host is affected by mu...
File : symantec_messaging_gateway_sym16-010.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/91435
CONFIRM https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=sec...
EXPLOIT-DB https://www.exploit-db.com/exploits/40036/
SECTRACK http://www.securitytracker.com/id/1036198
http://www.securitytracker.com/id/1036199

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
DateInformations
2019-07-19 05:19:37
  • Multiple Updates
2019-07-16 17:19:28
  • Multiple Updates
2019-05-04 12:06:46
  • Multiple Updates
2019-05-03 12:06:23
  • Multiple Updates
2018-10-31 00:21:05
  • Multiple Updates
2018-08-13 12:01:04
  • Multiple Updates
2017-12-01 12:07:05
  • Multiple Updates
2017-11-30 12:04:11
  • Multiple Updates
2017-09-03 09:24:03
  • Multiple Updates
2017-09-01 09:24:47
  • Multiple Updates
2017-04-26 12:01:30
  • Multiple Updates
2016-09-10 13:28:00
  • Multiple Updates
2016-09-09 21:23:09
  • Multiple Updates
2016-09-08 13:22:52
  • Multiple Updates
2016-07-13 13:25:48
  • Multiple Updates
2016-07-07 05:19:21
  • Multiple Updates
2016-07-02 13:24:48
  • Multiple Updates
2016-07-01 05:18:38
  • First insertion