Bypass in Symantec Messaging Gateway for Word File Processing
CVE-2017-6324

7.3HIGH

Key Information:

Vendor
Symantec Corporation
Status
Messaging Gateway
Vendor
CVE Published:
26 June 2017

Summary

The Symantec Messaging Gateway is susceptible to an issue where it improperly handles certain corrupted Word file attachments. Even with the 'disarm' feature activated, these files can still be processed, allowing potentially harmful macros to execute. This vulnerability represents a significant concern for organizations relying on this software to secure their email communications.

Affected Version(s)

Messaging Gateway All versions prior to version 10.6.3

References

http://www.securitytracker.com/id/1038785
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/98889
vdb-entryx_refsource_BID
https://www.symantec.com/security_response/securityupdate...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.