Remote stack-based buffer overflow in Broadcom products - CVE-2016-2210
Published: June 30, 2016 / Updated: July 12, 2020
Vulnerability identifier: #VU63
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2016-2210
CWE-ID: CWE-272
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Broadcom
Affected software:
Symantec Protection for SharePoint Servers (SPSS)
Symantec Mail Security for Domino (SMSDOM)
Symantec Mail Security for Microsoft Exchange (SMSMSE)
Symantec Protection for SharePoint Servers (SPSS)
Symantec Mail Security for Domino (SMSDOM)
Symantec Mail Security for Microsoft Exchange (SMSMSE)
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when decompressing LZH and LHA archives in the dec2lha library. A remote unauthenticated attacker can cause stacked-based buffer overflow by sending a specially crafted archive to vulnerable server.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
The vulnerability exists due to boundary error when decompressing LZH and LHA archives in the dec2lha library. A remote unauthenticated attacker can cause stacked-based buffer overflow by sending a specially crafted archive to vulnerable server.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2016-2210
Updates to resolve these issues can be installed using product update functionality. Users of Symantec Endpoint Protection (SEP), Symantec Protection Engine (SPE), Symantec Protection for SharePoint Servers (SPSS), Symantec Mail Security for Microsoft Exchange (SMSMSE) and Symantec Mail Security for Domino (SMSDOM) should apply custom patches. For more information, please refer to vendors advisory, specified in External links section.