Main Vulnerability Database SB2016063011

SB2016063011 - Heap-based buffer overflow in Symantec Scan Engine

Published: June 30, 2016 Updated: November 22, 2018

Security Bulletin ID SB2016063011

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Heap-based buffer overflow (CVE-ID: CVE-2016-3644)

The vulnerability allows a remote attacker to cause heap overflow.

The vulnerability exists due to an error when Symantec attempts to clean or remove components from archives which are detected as malicious ones. The heap overflow occurs because Symantec assumes that filenames cannot be longer than 77 characters, which isn't correct.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

https://bugs.chromium.org/p/project-zero/issues/detail?id=818&q=label%3AVendor-Symantec