CVE-2016-5309

EPSS 8.03% · P92 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2016-5309

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

多款Symantec产品AntiVirus Decomposer引擎RAR文件解析器组件安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Symantec Advanced Threat Protection: Network（ATP）等都是美国赛门铁克（Symantec）公司的安全产品。ATP是一套用于挖掘并清除终端、网络和电子邮件网关等存在的高级威胁的软件；Symantec Endpoint Protection（SEP）是一套防病毒软件。AntiVirus Decomposer engine是其中的一个反病毒引擎。RAR file parser是其中的一个压缩文件解析组件。多款Symantec产品中的AntiVirus Decomp

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2016-5309

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2016-5309

请登录查看更多情报信息。

https://bugs.chromium.org/p/project-zero/issues/detail?id=867x_refsource_MISC
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00x_refsource_CONFIRM
https://www.exploit-db.com/exploits/40405/exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/92868vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1036850vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1036847vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1036848vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1036849vdb-entryx_refsource_SECTRACK
https://nvd.nist.gov/vuln/detail/CVE-2016-5309

Same Patch Batch · n/a · 2017-04-14 · 55 CVEs total

CVE-2016-6299		mock scm插件安全漏洞
CVE-2017-7878		flatCore SQL注入漏洞
CVE-2017-7696		SAP AS JAVA SSO Authentication Library 安全漏洞
CVE-2017-7875		feh 数字错误漏洞
CVE-2017-7871		tdm 跨站脚本漏洞
CVE-2017-7717		SAP NetWeaver AS Java ES UDDI SQL注入漏洞
CVE-2017-7877		flatCore 跨站请求伪造漏洞
CVE-2016-7051		Data format extension for Jackson 安全漏洞
CVE-2016-7032		IBM PowerKVM 访问控制错误漏洞
CVE-2016-6489		Nettle RSA Code 加密问题漏洞
CVE-2016-7060		Red Hat QuickStart Cloud Installer 安全漏洞
CVE-2016-5312		Symantec Messaging Gateway charting组件路径遍历漏洞
CVE-2016-5310		多款Symantec产品AntiVirus Decomposer引擎RAR文件解析器组件安全漏洞
CVE-2016-4890		ZOHO ManageEngine ServiceDesk Plus 安全漏洞
CVE-2016-4889		ZOHO ManageEngine ServiceDesk Plus 安全漏洞
CVE-2016-4888		ZOHO ManageEngine ServiceDesk Plus 跨站脚本漏洞
CVE-2016-4875		Geeklog 跨站脚本漏洞
CVE-2016-4455		Subscription-Manager 权限许可和访问控制问题漏洞
CVE-2016-3104		MongoDB 安全漏洞
CVE-2016-1713		Vtiger CRM 安全漏洞

Showing top 20 of 55 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2016-5309

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2016-5309

I. Basic Information for CVE-2016-5309

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2016-5309

III. Intelligence Information for CVE-2016-5309

Same Patch Batch · n/a · 2017-04-14 · 55 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2016-5309

Leave a comment