CVE-2016-3645

Name of the Vulnerable Software and Affected Versions Symantec Advanced Threat Protection (ATP) versions 6.x through 6.6 MP1 Symantec Data Center Security:Server (SDCS:S) versions 6.x through 6.6 MP1 Symantec Web Gateway (affected versions not specified) Symantec Endpoint Protection (SEP) versions prior to 12.1 RU6 MP5 Symantec Endpoint Protection (SEP) for Mac (affected versions not specified) Symantec Endpoint Protection (SEP) for Linux versions prior to 12.1 RU6 MP5 Symantec Protection Engine (SPE) versions prior to 7.0.5 HF01, 7.5.x prior to 7.5.3 HF03, 7.5.4 prior to HF01, and 7.8.0 prior to HF01 Symantec Protection for SharePoint Servers (SPSS) versions 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6 Symantec Mail Security for Microsoft Exchange (SMSMSE) versions prior to 7.0 3966002 HF1.1 and 7.5.x prior to 7.5 3966008 VHF1.2 Symantec Mail Security for Domino (SMSDOM) versions prior to 8.0.9 HF1.1 and 8.1.x prior to 8.1.3 HF1.2 CSAPI versions prior to 10.0.4 HF01 Symantec Message Gateway (SMG) versions prior to 10.6.1-4 Symantec Message Gateway for Service Providers (SMG-SP) versions 10.5 before patch 254 and 10.6 before patch 253 Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 versions prior to NGC 22.7 Norton Security for Mac versions prior to 13.0.2 Norton Power Eraser (NPE) versions prior to 5.1 Norton Bootable Removal Tool (NBRT) versions prior to 2016.1

Description The issue is caused by an integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine, which may allow remote attackers to have an unspecified impact via crafted TNEF data. This can lead to a denial of service (memory corruption) or potentially allow the execution of arbitrary code using specially crafted TNEF files.

Recommendations For Symantec Advanced Threat Protection (ATP) versions 6.x through 6.6 MP1, update to a version later than 6.6 MP1. For Symantec Data Center Security:Server (SDCS:S) versions 6.x through 6.6 MP1, update to a version later than 6.6 MP1. For Symantec Endpoint Protection (SEP) versions prior to 12.1 RU6 MP5, update to version 12.1 RU6 MP5 or later. For Symantec Endpoint Protection (SEP) for Linux versions prior to 12.1 RU6 MP5, update to version 12.1 RU6 MP5 or later. For Symantec Protection Engine (SPE) versions prior to 7.0.5 HF01, 7.5.x prior to 7.5.3 HF03, 7.5.4 prior to HF01, and 7.8.0 prior to HF01, update to version 7.0.5 HF01, 7.5.3 HF03, 7.5.4 HF01, or 7.8.0 HF01 or later. For Symantec Protection for SharePoint Servers (SPSS) versions 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6, update to version 6.0.5 HF 1.5 or 6.0.6 HF 1.6 or later. For Symantec Mail Security for Microsoft Exchange (SMSMSE) versions prior to 7.0 3966002 HF1.1 and 7.5.x prior to 7.5 3966008 VHF1.2, update to version 7.0 3966002 HF1.1 or 7.5 3966008 VHF1.2 or later. For Symantec Mail Security for Domino (SMSDOM) versions prior to 8.0.9 HF1.1 and 8.1.x prior to 8.1.3 HF1.2, update to version 8.0.9 HF1.1 or 8.1.3 HF1.2 or later. For CSAPI versions prior to 10.0.4 HF01, update to version 10.0.4 HF01 or later. For Symantec Message Gateway (SMG) versions prior to 10.6.1-4, update to version 10.6.1-4 or later. For Symantec Message Gateway for Service Providers (SMG-SP) versions 10.5 before patch 254 and 10.6 before patch 253, apply patch 254 or patch 253 or later. For Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 versions prior to NGC 22.7, update to NGC 22.7 or later. For Norton Security for Mac versions prior to 13.0.2, update to version 13.0.2 or later. For Norton Power Eraser (NPE) versions prior to 5.1, update to version 5.1 or later. For Norton Bootable Removal Tool (NBRT) versions prior to 2016.1, update to version 2016.1 or later. As a temporary workaround, consider restricting the processing of TNEF files until a patch is available.