virus logo Intrusion Prevention

Symantec.Decomposer.Engine.dec2lha.Library.Buffer.Overflow

description-logoDescription

This indicates an attack attempt to exploit a Buffer Overflow vulnerability in multiple Symantec products.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted lzh/lha format file. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted file.

affected-products-logoAffected Products

Symantec Data Center Security:Server (SDCS:S) 6.0, 6.0MP1, 6.5, 6.5MP1, 6.6, 6.6MP1
Symantec Web Security .Cloud
Email Security Server .Cloud (ESS)
Symantec Web Gateway 12.1.6 MP4 and prior
Symantec Endpoint Protection (SEP) 12.1.6 MP4 and prior
Symantec Endpoint Protection for Mac (SEP for Mac) 12.1.6 MP4 and prior
Symantec Endpoint Protection for Linux (SEP for Linux) 12.1.6 MP4 and prior
Symantec Protection Engine (SPE) 7.8.0 and prior
Symantec Protection for SharePoint Servers (SPSS) 6.0.6 and prior
Symantec Mail Security for Microsoft Exchange (SMSMSE) 7.5.4 and prior
Symantec Mail Security for Domino (SMSDOM) 8.1.3 and prior
CSAPI 10.0.4 and prior
Symantec Message Gateway (SMG) SMG 10.6.1-3 and prior
Symantec Message Gateway for Service Providers (SMG-SP) 10.5 and 10.6
Norton AntiVirus prior to NGC 22.7
Norton Security prior to NGC 22.7
Norton Security with Backup prior to NGC 22.7
Norton Internet Security prior to NGC 22.7
Norton 360 prior to NGC 22.7
Norton Security for Mac prior to 13.0.2
Norton Power Eraser (NPE) prior to 5.1
Norton Bootable Removal Tool (NBRT) prior to 2016.1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's advisory for updates:
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 42673
Created Jul 06, 2016
Updated May 02, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2016-2210
Exploit Prediction Score 3.39%
Default Action drop
Active
Affected OS Windows, Linux, MacOS
Affected App Other