#VU66 Heap-based buffer overflow in Broadcom products - CVE-2016-3644

Vulnerability identifier: #VU66

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2016-3644

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Symantec Scan Engine
Symantec Protection Engine (SPE)
Symantec Protection for SharePoint Servers (SPSS)
Symantec Data Center Security:Server (SDCS:S)
Symantec Mail Security for Domino (SMSDOM)
Symantec Mail Security for Microsoft Exchange (SMSMSE)

Software vendor:
Broadcom

The vulnerability allows a remote attacker to cause heap overflow.

The vulnerability exists due to an error when Symantec attempts to clean or remove components from archives which are detected as malicious ones. The heap overflow occurs because Symantec assumes that filenames cannot be longer than 77 characters, which isn't correct.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Updates to resolve these issues can be installed using product update functionality. Users of Symantec Endpoint Protection (SEP), Symantec Protection Engine (SPE), Symantec Protection for SharePoint Servers (SPSS), Symantec Mail Security for Microsoft Exchange (SMSMSE) and Symantec Mail Security for Domino (SMSDOM) should apply custom patches. For more information, please refer to vendors advisory, specified in External links section.

• https://bugs.chromium.org/p/project-zero/issues/detail?id=818&q=label%3AVendor-Symantec