1. CVE-Search
  2. CVE-2016-3645
ID CVE-2016-3645
Summary Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:norton_security:13.0.1:*:*:*:*:macos:*:*
    cpe:2.3:a:symantec:norton_security:13.0.1:*:*:*:*:macos:*:*
  • cpe:2.3:a:symantec:protection_engine:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_engine:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_engine:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_engine:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_engine:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_engine:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_engine:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_engine:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_engine:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_engine:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_engine:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_engine:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_engine:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_engine:7.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_engine:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_engine:7.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_engine:7.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_engine:7.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_engine:7.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_engine:7.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_engine:7.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_engine:7.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:advanced_threat_protection:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:advanced_threat_protection:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:advanced_threat_protection:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:advanced_threat_protection:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:advanced_threat_protection:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:advanced_threat_protection:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:advanced_threat_protection:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:advanced_threat_protection:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_bootable_removal_tool:2016.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_bootable_removal_tool:2016.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:*
    cpe:2.3:a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:*
  • cpe:2.3:a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:*
    cpe:2.3:a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:*
  • cpe:2.3:a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:*
    cpe:2.3:a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.03:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.03:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.04:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.04:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.05:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.05:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:csapi:10.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:csapi:10.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:endpoint_protection:12.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:endpoint_protection:12.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*
    cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*
  • cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*
    cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*
  • cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*
    cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*
  • cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*
    cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*
  • cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:linux:*:*
    cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:linux:*:*
  • cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:macos:*:*
    cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:macos:*:*
  • cpe:2.3:a:symantec:norton_power_eraser:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_power_eraser:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_domino:8.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_domino:8.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:9.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:9.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.6:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:message_gateway:10.6.1-3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:message_gateway:10.6.1-3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:ngc:22.6:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:ngc:22.6:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-05-2020 - 19:23)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 91439
confirm https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00
exploit-db 40035
sectrack
  • 1036198
  • 1036199
Last major update 11-05-2020 - 19:23
Published 30-06-2016 - 23:59
Last modified 11-05-2020 - 19:23
Back to Top