Multiple vulnerabilities exist in the Decomposer component of Symantec Antivirus Engine. These vulnerabilities are due to incorrect or missing bounds checks. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a maliciously crafted file to a user running this engine. Successful exploitation could result in arbitrary code execution in the context of SYSTEM.
Category Archives: Checkpoint
Checkpoint
Symantec Antivirus multiple remote memory corruption unpacking RAR (CVE-2016-2207)
Multiple vulnerabilities exist in the Decomposer component of Symantec Antivirus Engine. These vulnerabilities are due to incorrect or missing bounds checks. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a maliciously crafted file to a user running this engine. Successful exploitation could result in arbitrary code execution in the context of SYSTEM.
Symantec PowerPoint Misaligned Stream Remote Stack Buffer Overflow (CVE-2016-2209)
Multiple vulnerabilities exist in the Decomposer component of Symantec Antivirus Engine. These vulnerabilities are due to incorrect and missing bounds checks. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a maliciously crafted file to a user running this engine.
Symantec Antivirus multiple remote memory corruption unpacking MSPACK Archives (CVE-2016-2211)
Multiple vulnerabilities exist in the Decomposer component of Symantec Antivirus Engine. These vulnerabilities are due to incorrect or missing bounds checks. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a maliciously crafted file to a user running this engine. Successful exploitation could result in arbitrary code execution in the context of SYSTEM.
Symantec Antivirus Engine ASPack Remote Memory Corruption (CVE-2016-2208)
A Memory Corruption vulnerability exist in the Symantec Antivirus Engine in ASPack early version. This vulnerability is due to incorrect parsing of executables packed by ASPack early version.
Symantec Integer Overflow in TNEF decoder (CVE-2016-3645)
Multiple vulnerabilities exist in the Decomposer component of Symantec Antivirus Engine. These vulnerabilities are due to incorrect or missing bounds checks. A remote, unauthenticated attacker could exploit these vulnerabilities by sending a maliciously crafted file to a user running this engine.
ImageMagick Insufficient Character Filtering Remote Code Execution (CVE-2016-3714)
A remote code execution vulnerability has been reported in ImageMagick. The vulnerability is due to insufficient characters filtering. A remote attacker may exploit this issue by uploading a specially crafted file. Successful exploitation would allow attackers to execute arbitrary code in the security context of the target user.
ImageMagick Unauthorized File Moving (CVE-2016-3716)
An Unauthorized File Moving vulnerability exists in ImageMagick. A remote attacker may exploit this issue by using one of ImageMagick’s pseudo protocols. Successful exploitation would allow attackers to move an uploaded file to a location where it might be later executed, resulting in remote execution of arbitrary code.
ImageMagick Server Side Request Forgery (CVE-2016-3718)
A Server Side Request Forgery vulnerability exists in ImageMagick. A remote attacker may exploit this issue by making a specially crafted HTTP or FTP request. Successful exploitation would allow attackers to create HTTP or FTP requests on behalf of the vulnerable server.
Businesses ill-prepared to defend against dramatic rise in zero day attacks
The post Businesses ill-prepared to defend against dramatic rise in zero day attacks appeared first on Check Point Software.