CVE-2017-6324

3 documents3 sources

Severity

7.3HIGH

EPSS

0.5%

top 36.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Messaging Gateway Symantec Corporation Messaging Gateway

Timeline

PublishedJun 26

Latest updateMay 13

Description

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

▶NVDsymantec/messaging_gateway10.6.2

▶CVEListV5symantec_corporation/messaging_gatewayAll versions prior to version 10.6.3

🔴Vulnerability Details

GHSA

GHSA-63mf-j3v5-8x67: The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious↗2022-05-13

▶

CVEList

CVE-2017-6324: The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious↗2017-06-26

▶