HOMEVULNERABILITIESCVE-2016-5310
MEDIUMPOC

CVE-2016-5310

CWE-787Published: April 14, 2017· Updated: Jun 17, 2026

5.5
CVSS v3.1

Official Description

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.

NVD Source

Technical Analysis

CVE-2016-5310 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation does not require any privileges, though user interaction (Required) is needed, which slightly reduces the risk of mass automated attacks.

A successful exploit results in availability disruption (denial of service), with a CVSS base score of 5.5.

A proof-of-concept (PoC) exploit exists for CVE-2016-5310. While not yet confirmed in active campaigns, the availability of PoC code increases exploitation risk substantially.

From a weakness classification perspective (CWE-787): Out-of-bounds write vulnerabilities can lead to data corruption, crashes, or arbitrary code execution.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.None
User InteractionRequired
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityNone
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Vendors & Products

broadcom1 product(s)
symantec data center security server
symantec14 product(s)
advanced threat protectioncsapiemail security.cloudendpoint protectionendpoint protection cloudendpoint protection for small businessmail security for dominomail security for microsoft exchangemessaging gatewaymessaging gateway for service providersprotection engineprotection for sharepoint servers+2
Source: NVD CPE · 40 total CPE entries

Exploit & PoC Resources

POC AVAILABLEProof-of-concept code exists
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (16)

http://www.securityfocus.com/bid/92866Third Party Advisory · VDB Entry
http://www.securitytracker.com/id/1036847Third Party Advisory · VDB Entry
http://www.securitytracker.com/id/1036848Third Party Advisory · VDB Entry
http://www.securitytracker.com/id/1036849Third Party Advisory · VDB Entry
http://www.securitytracker.com/id/1036850Third Party Advisory · VDB Entry
https://www.exploit-db.com/exploits/40405/Exploit · Third Party Advisory · VDB Entry
http://www.securityfocus.com/bid/92866Third Party Advisory · VDB Entry
http://www.securitytracker.com/id/1036847Third Party Advisory · VDB Entry
http://www.securitytracker.com/id/1036848Third Party Advisory · VDB Entry
http://www.securitytracker.com/id/1036849Third Party Advisory · VDB Entry
http://www.securitytracker.com/id/1036850Third Party Advisory · VDB Entry
https://www.exploit-db.com/exploits/40405/Exploit · Third Party Advisory · VDB Entry

Quick Facts

CVE IDCVE-2016-5310
CVSS Score5.5 / 10
SeverityMEDIUM
WeaknessCWE-787
CISA KEVNo
ExploitPOC
Affected2 vendor(s)
PublishedApr 14, 2017

Related CVEs (CWE-787)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2016-5310 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.