The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Symantec Endpoint Protection, Mail Security, Web Gateway, Web Security: two vulnerabilities via RAR archives

Synthesis of the vulnerability 

An attacker can use several vulnerabilities via the RAR archives analyser of Symantec Endpoint Protection, Mail Security, Web Gateway, Web Security.
Vulnerable systems: SEP, Symantec Mail Security, Symantec Web Gateway, SWS.
Severity of this threat: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/09/2016.
Revision date: 21/09/2016.
Références of this weakness: CVE-2016-5309, CVE-2016-5310, VIGILANCE-VUL-20654.

Description of the vulnerability 

Several vulnerabilities were announced in Symantec Endpoint Protection, Mail Security, Web Gateway, Web Security.

An attacker can generate a memory corruption in the RAR analyser, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5310]

An attacker can generate a read only buffer overflow n the RAR archive analyser, in order to trigger a denial of service. [severity:2/4; CVE-2016-5309]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security alert impacts software or systems such as SEP, Symantec Mail Security, Symantec Web Gateway, SWS.

Our Vigil@nce team determined that the severity of this security weakness is important.

The trust level is of type confirmed by the editor, with an origin of document.

This bulletin is about 2 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a specialist ability can exploit this security announce.

Solutions for this threat 

Symantec Endpoint Protection, Mail Security, Web Gateway, Web Security: fixed versions for the RAR analyser.
Fixed versions are indicated in information sources. Some of these products are automatically updated.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerability analysis. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.