CVE-2016-2208 - Resource Management Errors vulnerability in Symantec Anti-Virus Engine 20151.1.0.32

CVSS 9.1 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, low complexity, symantec, CWE-399, critical, nessus, exploit available

Summary

The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.

Vulnerable Configurations

Part: Application
Description: Symantec
Count: 1

Common Weakness Enumeration (CWE)

Exploit-Db

description: Symantec/Norton Antivirus - ASPack Remote Heap/Pool Memory Corruption Vulnerability. CVE-2016-2208. Dos exploits for multiple platform
file: exploits/multiple/dos/39835.txt
id: EDB-ID:39835
last seen: 2016-05-17
modified: 2016-05-17
platform: multiple
port:
published: 2016-05-17
reporter: Google Security Research
source: https://www.exploit-db.com/download/39835/
title: Symantec/Norton Antivirus - ASPack Remote Heap/Pool Memory Corruption Vulnerability
type: dos

Nessus

NASL family: Windows
NASL id: SYMANTEC_SYM_16_008.NASL
description: The version of Symantec Antivirus Engine (AVE) installed on the remote host is 20151.1.0.32. It is, therefore, affected by a remote code execution vulnerability due to improper parsing of malformed portable-executable (PE) header files and executables packed with early versions of Aspack. A remote attacker can exploit this by convincing a user to download and scan a document or application containing specially crafted PE header files, resulting in the execution of arbitrary code.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 91261
published: 2016-05-19
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/91261
title: Symantec Antivirus Engine 20151.1.0.32 Malformed PE Header Parser Memory Access Violation (SYM16-008)