Buffer Overflow in Symantec's Advanced Threat Protection and Other Products
CVE-2016-2209

7.3HIGH

Key Information:

Vendor

Symantec
Status
Mail Security For Microsoft Exchange
Vendor
CVE Published:
30 June 2016

What is CVE-2016-2209?

A buffer overflow vulnerability exists in the Dec2SS.dll component of the AntiVirus Decomposer engine within Symantec products. This flaw allows remote attackers to exploit the vulnerability by sending crafted files, potentially leading to arbitrary code execution on affected systems. Various Symantec offerings, including Advanced Threat Protection, Endpoint Protection for multiple platforms, and Norton products, fall within the scope of this vulnerability, making it essential for users to apply relevant patches and updates to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.exploit-db.com/exploits/40037/
exploitx_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1036199
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1036198
vdb-entryx_refsource_SECTRACK

EPSS Score

29% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.