CVE-2016-5308

MEDIUM

Symantec Client Intrusion Detection System - Memory Corruption

Title source: rule

Description

The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file.

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91608

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036264

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036265

[Vendor Advisory] http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_01

Scores

CVSS v3 5.5

EPSS 0.0250

EPSS Percentile 85.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-119

Status draft

Affected Products (1)

symantec/client_intrusion_detection_system < 15.1.2

Timeline

Published Jul 12, 2016

Tracked Since Feb 18, 2026