Symantec and Norton Security Products Critical Vulnerabilities

Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

CVE-2016-2207

  • Symantec Antivirus multiple remote memory corruption unpacking RAR

CVE-2016-2208

  • Symantec antivirus products use common unpackers to extract malware binaries when scanning a system. A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. The vulnerability can be triggered remotely using a malicious file (via email or link) with no user interaction.

CVE-2016-2209

  • Symantec: PowerPoint misaligned stream-cache remote stack buffer overflow

CVE-2016-2210

  • Symantec: Remote Stack Buffer Overflow in dec2lha library

CVE-2016-2211

  • Symantec: Symantec Antivirus multiple remote memory corruption unpacking MSPACK Archives

CVE-2016-3644

  • Symantec: Heap overflow modifying MIME messages

CVE-2016-3645

  • Symantec: Integer Overflow in TNEF decoder

CVE-2016 -3646

  • Symantec: missing bounds checks in dec2zip ALPkOldFormatDecompressor::UnShrink

The large number of products affected (24 products), across multiple platforms (OSX, Windows, and Linux), and the severity of these vulnerabilities (remote code execution at root or SYSTEM privilege) make this a very serious event. A remote, unauthenticated attacker may be able to run arbitrary code at root or SYSTEM privileges by taking advantage of these vulnerabilities. Some of the vulnerabilities require no user interaction and are network-aware, which could result in a wormable-event.

Users and network administrators should  patch Symantec or Norton antivirus products immediately.

Source: US-CERT

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: