Memory Corruption Vulnerability in Symantec Products
CVE-2016-3644

8.4HIGH

Key Information:

Vendor
Symantec
Status
Norton Security
Vendor
CVE Published:
30 June 2016

Summary

A vulnerability in the AntiVirus Decomposer engine of various Symantec security products allows remote attackers to exploit modified MIME data in messages. This exploitation can lead to arbitrary code execution or cause a denial of service due to memory corruption. Affected products include multiple versions of Symantec Advanced Threat Protection, Endpoint Protection, Mail Security, and Norton antivirus solutions, emphasizing the critical need for timely updates and patches.

References

http://www.securitytracker.com/id/1036199
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1036198
vdb-entryx_refsource_SECTRACK
https://www.symantec.com/security_response/securityupdate...
x_refsource_CONFIRM

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.