Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-5309

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.5, requiring local system access to exploit with relatively low complexity though user interaction is required and does not require pre-existing privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 15 products from broadcom, from symantec, from symantec and 12 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2017, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2017-04-14T18:59:00.500

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	broadcom	symantec_data_center_security_server	-	Yes
Application	symantec	advanced_threat_protection	-	Yes
Application	symantec	csapi	≤ 10.0.4	Yes
Application	symantec	email_security.cloud	-	Yes
Application	symantec	endpoint_protection	≤ 12.1.4	Yes
Application	symantec	endpoint_protection	≤ 12.1.6	Yes
Application	symantec	endpoint_protection	≤ 12.1.6	Yes
Application	symantec	endpoint_protection_cloud	-	Yes
Application	symantec	endpoint_protection_cloud	-	Yes
Application	symantec	endpoint_protection_for_small_business	≤ 12.1	Yes
Application	symantec	endpoint_protection_for_small_business	-	Yes
Application	symantec	mail_security_for_domino	≤ 8.0.9	Yes
Application	symantec	mail_security_for_domino	8.1.2	Yes
Application	symantec	mail_security_for_domino	8.1.3	Yes
Application	symantec	mail_security_for_microsoft_exchange	≤ 6.5.8	Yes
Application	symantec	mail_security_for_microsoft_exchange	7.0	Yes
Application	symantec	mail_security_for_microsoft_exchange	7.0.1	Yes
Application	symantec	mail_security_for_microsoft_exchange	7.0.2	Yes
Application	symantec	mail_security_for_microsoft_exchange	7.0.3	Yes
Application	symantec	mail_security_for_microsoft_exchange	7.0.4	Yes
Application	symantec	mail_security_for_microsoft_exchange	7.5	Yes
Application	symantec	mail_security_for_microsoft_exchange	7.5.1	Yes
Application	symantec	mail_security_for_microsoft_exchange	7.5.2	Yes
Application	symantec	mail_security_for_microsoft_exchange	7.5.3	Yes
Application	symantec	mail_security_for_microsoft_exchange	7.5.4	Yes
Application	symantec	messaging_gateway	≤ 10.6.1	Yes
Application	symantec	messaging_gateway_for_service_providers	10.5	Yes
Application	symantec	messaging_gateway_for_service_providers	10.6	Yes
Application	symantec	protection_engine	≤ 7.0.5	Yes
Application	symantec	protection_engine	7.5.0	Yes
Application	symantec	protection_engine	7.5.1	Yes
Application	symantec	protection_engine	7.5.2	Yes
Application	symantec	protection_engine	7.5.3	Yes
Application	symantec	protection_engine	7.5.4	Yes
Application	symantec	protection_engine	7.5.5	Yes
Application	symantec	protection_engine	7.8.0	Yes
Application	symantec	protection_for_sharepoint_servers	6.0.3	Yes
Application	symantec	protection_for_sharepoint_servers	6.0.4	Yes
Application	symantec	protection_for_sharepoint_servers	6.0.5	Yes
Application	symantec	protection_for_sharepoint_servers	6.0.6	Yes
Application	symantec	protection_for_sharepoint_servers	6.0.7	Yes
Application	symantec	web_gateway	-	Yes
Application	symantec	web_security.cloud	-	Yes

References

http://www.securityfocus.com/bid/92868 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1036847 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1036848 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1036849 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1036850 Third Party Advisory, VDB Entry ([email protected])
https://bugs.chromium.org/p/project-zero/issues/detail?id=867 Exploit, Patch, Third Party Advisory ([email protected])
https://www.exploit-db.com/exploits/40405/ Exploit, Third Party Advisory, VDB Entry ([email protected])
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/92868 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036847 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036848 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036849 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036850 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.chromium.org/p/project-zero/issues/detail?id=867 Exploit, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40405/ Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For broadcom's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.