ID CVE-2017-6324
Summary The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:messaging_gateway:9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:9.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:9.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:9.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:9.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch3:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch5:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.6.0:patch7:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:messaging_gateway:10.6.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 98889
confirm https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170621_00
sectrack 1038785
Last major update 03-10-2019 - 00:03
Published 26-06-2017 - 21:29
Last modified 03-10-2019 - 00:03