#VU67 Integer overflow in TNEF decoder in Broadcom Server applications
Vulnerability identifier: #VU67
Vulnerability risk: Low
CVSSv3.1: 3.5 [AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Symantec Scan Engine
Other software /
Other software solutions
Symantec Protection for SharePoint Servers (SPSS)
Server applications /
Other server solutions
Symantec Mail Security for Domino (SMSDOM)
Server applications /
IDS/IPS systems, Firewalls and proxy servers
Symantec Mail Security for Microsoft Exchange (SMSMSE)
Server applications /
IDS/IPS systems, Firewalls and proxy servers
Vendor: Broadcom
Description
The vulnerability does not result in any detrimental actions due to underlying code.
However, the overflow was an exposure due to improper implementation that can potentially be used in the future, at some point, by an attacker.
Mitigation
Updates to resolve these issues can be installed using product update functionality. Users of Symantec Endpoint Protection (SEP), Symantec Protection Engine (SPE), Symantec Protection for SharePoint Servers (SPSS), Symantec Mail Security for Microsoft Exchange (SMSMSE) and Symantec Mail Security for Domino (SMSDOM) should apply custom patches. For more information, please refer to vendors advisory, specified in External links section.
Vulnerable software versions
Symantec Scan Engine: 13.1.2.19
Symantec Protection for SharePoint Servers (SPSS): 6.0.3 - 6.0.6
Symantec Mail Security for Domino (SMSDOM): 8.0.9 - 8.1.3
Symantec Mail Security for Microsoft Exchange (SMSMSE): 6.5.8 - 7.5.4
External links
http://bugs.chromium.org/p/project-zero/issues/detail?id=819&q=label%3AVendor-Symantec
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
