Integer overflow in TNEF decoder in Broadcom products - CVE-2016-3645
Published: June 30, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU67
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-3645
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Broadcom
Affected software:
Symantec Scan Engine
Symantec Protection for SharePoint Servers (SPSS)
Symantec Mail Security for Domino (SMSDOM)
Symantec Mail Security for Microsoft Exchange (SMSMSE)
Symantec Scan Engine
Symantec Protection for SharePoint Servers (SPSS)
Symantec Mail Security for Domino (SMSDOM)
Symantec Mail Security for Microsoft Exchange (SMSMSE)
Detailed vulnerability description
The vulnerability does not result in any detrimental actions due to underlying code.
However, the overflow was an exposure due to improper implementation that can potentially be used in the future, at some point, by an attacker.
However, the overflow was an exposure due to improper implementation that can potentially be used in the future, at some point, by an attacker.
How to mitigate CVE-2016-3645
Updates to resolve these issues can be installed using product update functionality. Users of Symantec Endpoint Protection (SEP), Symantec Protection Engine (SPE), Symantec Protection for SharePoint Servers (SPSS), Symantec Mail Security for Microsoft Exchange (SMSMSE) and Symantec Mail Security for Domino (SMSDOM) should apply custom patches. For more information, please refer to vendors advisory, specified in External links section.