The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Symantec Mail Security

vulnerability note CVE-2016-5309 CVE-2016-5310

Symantec Endpoint Protection, Mail Security, Web Gateway, Web Security: two vulnerabilities via RAR archives

Synthesis of the vulnerability

An attacker can use several vulnerabilities via the RAR archives analyser of Symantec Endpoint Protection, Mail Security, Web Gateway, Web Security.
Impacted products: SEP, Symantec Mail Security, Symantec Web Gateway, SWS.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/09/2016.
Revision date: 21/09/2016.
Identifiers: CVE-2016-5309, CVE-2016-5310, VIGILANCE-VUL-20654.

Description of the vulnerability

Several vulnerabilities were announced in Symantec Endpoint Protection, Mail Security, Web Gateway, Web Security.

An attacker can generate a memory corruption in the RAR analyser, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5310]

An attacker can generate a read only buffer overflow n the RAR archive analyser, in order to trigger a denial of service. [severity:2/4; CVE-2016-5309]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-2207 CVE-2016-2209 CVE-2016-2210

Symantec: seven vulnerabilities of the "Decomposer" module

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec products.
Impacted products: Norton Antivirus, Norton Internet Security, Norton Security, SEP, Symantec Mail Security, Symantec Web Gateway, SWS.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 29/06/2016.
Revision date: 29/06/2016.
Identifiers: 810, 814, 816, 818, 819, 821, 823, CERTFR-2016-AVI-222, CVE-2016-2207, CVE-2016-2209, CVE-2016-2210, CVE-2016-2211, CVE-2016-3644, CVE-2016-3645, CVE-2016-3646, VIGILANCE-VUL-19997.

Description of the vulnerability

Several vulnerabilities were announced in Symantec Endpoint Protection.

An attacker can generate a buffer overflow via a substream of MS-Office file, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 823, CVE-2016-2209]

An attacker can force a read at an invalid address via ALPkOldFormatDecompressor::UnShrink, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 821, CVE-2016-3646]

An attacker can generate an integer overflow via Attachment::setDataFromAttachment, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 819, CVE-2016-3645]

An attacker can generate a buffer overflow via CMIMEParser::UpdateHeader, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 818, CVE-2016-3644]

An attacker can generate a memory corruption via a MSPACK archive, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 816, CVE-2016-2211]

An attacker can generate a buffer overflow via CSymLHA::get_header, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 814, CVE-2016-2210]

An attacker can generate a memory corruption via a RAR archive, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 810, CVE-2016-2207]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 12179

Symantec Mail Security, Cisco IronPort, Lotus Domino/Notes: vulnerabilities of Autonomy KeyView

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Autonomy KeyView, in order to execute code in Symantec Mail Security, Cisco IronPort and Lotus Domino/Notes.
Impacted products: AsyncOS, Cisco ESA, IronPort Email, IronPort Web, Cisco WSA, Domino, Notes, Symantec Mail Security.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: document.
Creation date: 21/11/2012.
Revisions dates: 22/11/2012, 27/11/2012.
Identifiers: BID-56610, CERTA-2012-AVI-677, CERTA-2012-AVI-683, swg21627597, swg21627992, SYM12-018, VIGILANCE-VUL-12179, VU#849841.

Description of the vulnerability

The Symantec Mail Security, Cisco IronPort and Lotus Domino/Notes products use the Autonomy KeyView Filter libraries to analyze documents. These libraries are impacted by several vulnerabilities.



An attacker can therefore use several vulnerabilities of Autonomy KeyView, in order to execute code in Symantec Mail Security, Cisco IronPort and Lotus Domino/Notes.

Cisco states that Cisco IronPort is not vulnerable, contrary to what the CERT stated. But they did not publish any announce about this.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2011-0337 CVE-2011-0338 CVE-2011-0339

Symantec Mail Security: vulnerabilities of Autonomy KeyView

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Autonomy KeyView, in order to execute code in Symantec Mail Security.
Impacted products: Symantec Mail Security.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 9.
Creation date: 07/10/2011.
Identifiers: BID-47962, BID-48016, BID-48017, BID-48018, BID-48019, BID-48020, BID-49898, BID-49899, BID-49900, CERTA-2011-AVI-310, CERTA-2011-AVI-582, CVE-2011-0337, CVE-2011-0338, CVE-2011-0339, CVE-2011-1213, CVE-2011-1214, CVE-2011-1215, CVE-2011-1216, CVE-2011-1218, CVE-2011-1512, PRAD8823JQ, PRAD8823ND, PRAD88MJ2W, PRAD8E3HKR, RAD8E3NKZ, SYM11-013, VIGILANCE-VUL-11044.

Description of the vulnerability

The Symantec Mail Security product uses the Autonomy KeyView Filter libraries to analyze documents. These libraries are impacted by several vulnerabilities.

An attacker can create a malicious Excel file, in order to create a denial of service or to execute code (VIGILANCE-VUL-10680). [severity:3/4; BID-47962, BID-48017, CERTA-2011-AVI-310, CERTA-2011-AVI-582, CVE-2011-1512]

When a malicious Excel file is opened, a buffer overflow occurs in xlssr.dll. [severity:3/4; CVE-2011-1213, PRAD8E3HKR]

When a LZH archive with a malicious LZH header is opened, a buffer overflow occurs in lzhsr.dll. [severity:3/4; BID-48018, CVE-2011-1214, PRAD88MJ2W]

When a RTF file containing a malicious hyperlink is opened, a buffer overflow occurs in rtfsr.dll. [severity:3/4; BID-48019, CVE-2011-1215, PRAD8823JQ]

When a Word file containing a malicious hyperlink is opened, a buffer overflow occurs in mw8sr.dll. [severity:3/4; BID-48020, CVE-2011-1216, PRAD8823ND]

When a malicious PRZ image (Lotus Freelance Graphics) is opened, a buffer overflow occurs in kpprzrdr.dll. [severity:3/4; BID-48016, CVE-2011-1218, RAD8E3NKZ]

A document containing long QLST data generates an overflow in the Ichitaro Speed Reader (jtdsr.dll). [severity:3/4; BID-49898, CVE-2011-0337]

A document containing malformed data generates an overflow in the Ichitaro Speed Reader (jtdsr.dll). [severity:3/4; BID-49900, CVE-2011-0339]

A document containing long text data generates an overflow in the Ichitaro Speed Reader (jtdsr.dll). [severity:3/4; BID-49899, CVE-2011-0338]

An attacker can therefore use several vulnerabilities of Autonomy KeyView, in order to execute code in Symantec Mail Security.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2011-0548

Symantec Mail Security: buffer overflow of Autonomy Verity Keyview PRZ

Synthesis of the vulnerability

An attacker can send a malicious PRZ file, in order to generate an overflow in the Autonomy Verity Keyview PRZ Reader Filter component of Symantec Mail Security, and then to execute code.
Impacted products: Symantec Mail Security.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 06/06/2011.
Identifiers: BID-48013, CERTA-2011-AVI-326, CVE-2011-0548, SYM11-007, VIGILANCE-VUL-10705, VU#126159.

Description of the vulnerability

Files with the PRZ extension are images in the Lotus Freelance Graphics format.

Several Symantec products use the Autonomy Verity Keyview PRZ Reader filter which opens PRZ files. However, this filter does not correctly check the format of the PRZ file, which creates a buffer overflow.

An attacker can therefore send a malicious PRZ file, in order to generate an overflow in the Autonomy Verity Keyview PRZ Reader Filter component of Symantec Mail Security, and then to execute code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2010-0126 CVE-2010-0131 CVE-2010-0133

Symantec Mail Security: vulnerabilities of Autonomy KeyView

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Autonomy KeyView, in order to execute code in Symantec Mail Security.
Impacted products: Symantec Mail Security.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 29/07/2010.
Identifiers: BID-41928, CERTA-2010-AVI-338, CERTA-2010-AVI-339, CVE-2010-0126, CVE-2010-0131, CVE-2010-0133, CVE-2010-0134, CVE-2010-0135, CVE-2010-1524, CVE-2010-1525, PRAD837LDA, PRAD83F4CU, PRAD83M2UM, PRAD83M367, PRAD83ML59, SYM10-009, VIGILANCE-VUL-9796.

Description of the vulnerability

The Symantec Mail Security product uses the Autonomy KeyView Filter libraries to analyze documents. These libraries are impacted by several vulnerabilities.

An attacker can create a malicious Compound Document, in order to generate a buffer overflow in Autonomy KeyView. [severity:3/4; CERTA-2010-AVI-338, CERTA-2010-AVI-339, CVE-2010-0126, PRAD837LDA]

An attacker can create a SpreadSheet Lotus 123 document containing a malicious float number, in order to generate a buffer overflow in Autonomy KeyView wkssr.dll. [severity:3/4; CVE-2010-0131, PRAD83F4CU]

An attacker can create a malicious SpreadSheet Lotus 123 document, in order to generate a buffer overflow in Autonomy KeyView wkssr.dll. [severity:3/4; CVE-2010-0133, PRAD83M2UM]

An attacker can create a malicious RTF document containing a "\ls" field, in order to generate a buffer overflow in Autonomy KeyView rtfsr.dll. [severity:3/4; CVE-2010-0134]

An attacker can create a malicious WordPerfect 5.x document, in order to generate a buffer overflow in Autonomy KeyView wosr.dll. [severity:3/4; CVE-2010-0135, PRAD83M367]

An attacker can create a malicious SpreadSheet Lotus 123 document, in order to generate an integer underflow in Autonomy KeyView wkssr.dll. [severity:2/4; CVE-2010-1524, PRAD83ML59]

An attacker can create a malicious WordPerfect 5.x document, in order to generate a buffer overflow in Autonomy KeyView wkssr.dll. [severity:3/4; CVE-2010-1525, PRAD83M2UM]

An attacker can therefore use several vulnerabilities of Autonomy KeyView, in order to execute code in Symantec Mail Security.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Symantec Mail Security: