PT-2016-1846 · Symantec+1 · Symantec Antivirus Scan Engine+1

Published

2016-05-16

Updated

2016-12-01

CVE-2016-2208

CVSS v3.1

9.4

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Symantec Anti-Virus Engine versions 20151.1 through 20151.1.1.4

Description The issue is related to errors in parsing executable files packed with ASPack software. It may allow a remote attacker to execute arbitrary code or cause a denial of service, resulting in memory access violations and system crashes, by using a file with a specially crafted PE header.

Recommendations For versions 20151.1 through 20151.1.1.4, update to version 20151.1.1.4 or later to resolve the issue.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-399

Related Identifiers

BDU:2016-01179

CVE-2016-2208

Affected Products

Aspack

Symantec Antivirus Scan Engine

PT-2016-1846 · Symantec+1 · Symantec Antivirus Scan Engine+1

CVE-2016-2208

Weakness Enumeration

Related Identifiers

Affected Products

References · 10