Buffer Overflow Vulnerability in Symantec's Advanced Threat Protection and Related Products
CVE-2016-2210

7.3HIGH

Key Information:

Vendor

Symantec
Status
Mail Security For Microsoft Exchange
Vendor
CVE Published:
30 June 2016

What is CVE-2016-2210?

The vulnerability in the Dec2LHA.dll component within the AntiVirus Decomposer engine of various Symantec products can be exploited by remote attackers through crafted files, allowing them to execute arbitrary code on targeted systems. This weakness affects a range of products, primarily impacting users of Symantec Advanced Threat Protection, Symantec Endpoint Protection, and Norton security solutions. Users are advised to apply the latest security updates to mitigate this risk.

References

http://www.securitytracker.com/id/1036199
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1036198
vdb-entryx_refsource_SECTRACK
https://www.symantec.com/security_response/securityupdate...
x_refsource_CONFIRM

EPSS Score

29% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.