#VU65 CAB decompression memory corruption in Broadcom products - CVE-2016-2211

Vulnerability identifier: #VU65

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-2211

CWE-ID: CWE-441

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Symantec Protection Engine (SPE)
Symantec Scan Engine

Symantec Data Center Security:Server (SDCS:S)
Symantec Protection for SharePoint Servers (SPSS)
Symantec Mail Security for Domino (SMSDOM)
Symantec Mail Security for Microsoft Exchange (SMSMSE)

Software vendor:
Broadcom

The vulnerability allows a remote attacker to cause memory corruption on the target system.

The vulnerability exists due to boundary error when unpacking MSPACK archives in Symantec Antivirus. A remote unauthenticated attacker can cause a remote memory corruption by sending specially crafted archive to vulnerable server.

Successful exploitation of this vulnerability may result in remote code executione.

Updates to resolve these issues can be installed using product update functionality. Users of Symantec Endpoint Protection (SEP), Symantec Protection Engine (SPE), Symantec Protection for SharePoint Servers (SPSS), Symantec Mail Security for Microsoft Exchange (SMSMSE) and Symantec Mail Security for Domino (SMSDOM) should apply custom patches. For more information, please refer to vendors advisory, specified in External links section.

• https://bugs.chromium.org/p/project-zero/issues/detail?id=816&q=label%3AVendor-Symantec