Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-2207

CWE-20 — Improper Input Validation6 documents5 sources

Severity

8.4HIGH

EPSS

50.2%

top 2.17%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Advanced Threat Protection Symantec Csapi Symantec Mail Security FOR Domino +11 more

Timeline

PublishedJun 30

Latest updateMay 13

Description

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages12 packages

▶NVDsymantec/norton_security13.0.1

▶NVDsymantec/norton_bootable_removal_tool2016.0

▶NVDsymantec/norton_power_eraser5.0

▶NVDsymantec/endpoint_protection12.1.6

▶NVDsymantec/data_center_security_server6.0, 6.5, 6.6+2

🔴Vulnerability Details

GHSA

GHSA-q9gf-67qr-pxc7: The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6↗2022-05-13

▶

CVEList

CVE-2016-2207: The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6↗2016-06-30

▶

OSV

eglibc, glibc regression↗2016-05-26

▶

OSV

eglibc, glibc vulnerabilities↗2016-05-25

▶

💥Exploits & PoCs

Exploit-DB

Symantec AntiVirus - Unpacking RAR Multiple Remote Memory Corruptions↗2016-06-29

▶