The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.
結論預警: CVE-2016-5310 綜合評估為高可利用風險(66.4/100):CVSS 技術影響為中級,利用機率偏高(EPSS 5.31%,百分位 92%) 核心證據: 已收錄 3 筆公開利用參考(Exploit-DB)。 強制指令: 存在公開利用—請盤點暴露面、落實緩解措施並優先修補。
風險隨態勢動態變化;本站持續評估並同步更新本頁展示內容。
| EDB-ID | 來源 | 類型 | 公開時間 | 連結 |
|---|---|---|---|---|
| 40405 | exploit_db | edb | 2016-09-21 | Exploit-DB ↗ |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS 日更估計相對被利用可能性;百分位表示該 CVE 在已評分漏洞中的相對排名(越高表示相對更嚴重)。
| # | 日期 | 舊 EPSS 分數 | 新 EPSS 分數 | 變化(新 − 舊) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 7.96% | 5.31% | -2.66% |
| 2 | 2025-09-20 | 8.15% | 7.96% | -0.19% |
| 3 | 2025-08-28 | — | 8.15% | — |
完整 EPSS 歷史 (共 14 筆)
該 CVE 的 CVSS 指標。
| 底座分 | 版本 | 嚴重度 | 向量 | 可利用性 | 影響 | 分數來源 |
|---|---|---|---|---|---|---|
| 5.5 | 3.1 | MEDIUM |
|
1.8 | 3.6 | [email protected] |
| 4.3 | 2.0 | MEDIUM |
|
8.6 | 2.9 | [email protected] |
| 廠商 | 產品 | 版本 | 原始 CPE |
|---|---|---|---|
| broadcom | symantec_data_center_security_server | — | cpe:2.3:a:broadcom:symantec_data_center_security_server:-:*:*:*:*:*:*:* |
| symantec | advanced_threat_protection | — | cpe:2.3:a:symantec:advanced_threat_protection:-:*:*:*:*:*:*:* |
| symantec | csapi | <= 10.0.4 | cpe:2.3:a:symantec:csapi:*:*:*:*:*:*:*:* |
| symantec | email_security.cloud | — | cpe:2.3:a:symantec:email_security.cloud:-:*:*:*:*:*:*:* |
| symantec | endpoint_protection | <= 12.1.4 | cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:mac:*:* |
| symantec | endpoint_protection | <= 12.1.6 | cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:linux:*:* |
| symantec | endpoint_protection | <= 12.1.6 | cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:windows:*:* |
| symantec | endpoint_protection_cloud | — | cpe:2.3:a:symantec:endpoint_protection_cloud:-:*:*:*:*:mac:*:* |
| symantec | endpoint_protection_cloud | — | cpe:2.3:a:symantec:endpoint_protection_cloud:-:*:*:*:*:windows:*:* |
| symantec | endpoint_protection_for_small_business | <= 12.1 | cpe:2.3:a:symantec:endpoint_protection_for_small_business:*:*:*:*:*:*:*:* |
| symantec | endpoint_protection_for_small_business | — | cpe:2.3:a:symantec:endpoint_protection_for_small_business:-:*:*:*:enterprise:*:*:* |
| symantec | mail_security_for_domino | <= 8.0.9 | cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:* |
| symantec | mail_security_for_domino | 8.1.2 | cpe:2.3:a:symantec:mail_security_for_domino:8.1.2:*:*:*:*:*:*:* |
| symantec | mail_security_for_domino | 8.1.3 | cpe:2.3:a:symantec:mail_security_for_domino:8.1.3:*:*:*:*:*:*:* |
| symantec | mail_security_for_microsoft_exchange | <= 6.5.8 | cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:* |
| symantec | mail_security_for_microsoft_exchange | 7.0 | cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0:*:*:*:*:*:*:* |
| symantec | mail_security_for_microsoft_exchange | 7.0.1 | cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.1:*:*:*:*:*:*:* |
| symantec | mail_security_for_microsoft_exchange | 7.0.2 | cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.2:*:*:*:*:*:*:* |
| symantec | mail_security_for_microsoft_exchange | 7.0.3 | cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.3:*:*:*:*:*:*:* |
| symantec | mail_security_for_microsoft_exchange | 7.0.4 | cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.0.4:*:*:*:*:*:*:* |
| symantec | mail_security_for_microsoft_exchange | 7.5 | cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5:*:*:*:*:*:*:* |
| symantec | mail_security_for_microsoft_exchange | 7.5.1 | cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.1:*:*:*:*:*:*:* |
| symantec | mail_security_for_microsoft_exchange | 7.5.2 | cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.2:*:*:*:*:*:*:* |
| symantec | mail_security_for_microsoft_exchange | 7.5.3 | cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.3:*:*:*:*:*:*:* |
| symantec | mail_security_for_microsoft_exchange | 7.5.4 | cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:7.5.4:*:*:*:*:*:*:* |
| symantec | messaging_gateway | <= 10.6.1 | cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:* |
| symantec | messaging_gateway_for_service_providers | 10.5 | cpe:2.3:a:symantec:messaging_gateway_for_service_providers:10.5:*:*:*:*:*:*:* |
| symantec | messaging_gateway_for_service_providers | 10.6 | cpe:2.3:a:symantec:messaging_gateway_for_service_providers:10.6:*:*:*:*:*:*:* |
| symantec | protection_engine | <= 7.0.5 | cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:* |
| symantec | protection_engine | 7.5.0 | cpe:2.3:a:symantec:protection_engine:7.5.0:*:*:*:*:*:*:* |
| symantec | protection_engine | 7.5.1 | cpe:2.3:a:symantec:protection_engine:7.5.1:*:*:*:*:*:*:* |
| symantec | protection_engine | 7.5.2 | cpe:2.3:a:symantec:protection_engine:7.5.2:*:*:*:*:*:*:* |
| symantec | protection_engine | 7.5.3 | cpe:2.3:a:symantec:protection_engine:7.5.3:*:*:*:*:*:*:* |
| symantec | protection_engine | 7.5.4 | cpe:2.3:a:symantec:protection_engine:7.5.4:*:*:*:*:*:*:* |
| symantec | protection_engine | 7.5.5 | cpe:2.3:a:symantec:protection_engine:7.5.5:*:*:*:*:*:*:* |
| symantec | protection_engine | 7.8.0 | cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:* |
| symantec | protection_for_sharepoint_servers | 6.0.3 | cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.3:*:*:*:*:*:*:* |
| symantec | protection_for_sharepoint_servers | 6.0.4 | cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.4:*:*:*:*:*:*:* |
| symantec | protection_for_sharepoint_servers | 6.0.5 | cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.5:*:*:*:*:*:*:* |
| symantec | protection_for_sharepoint_servers | 6.0.6 | cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.6:*:*:*:*:*:*:* |
| symantec | protection_for_sharepoint_servers | 6.0.7 | cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.0.7:*:*:*:*:*:*:* |
| symantec | web_gateway | — | cpe:2.3:a:symantec:web_gateway:-:*:*:*:*:*:*:* |
| symantec | web_security.cloud | — | cpe:2.3:a:symantec:web_security.cloud:-:*:*:*:*:*:*:* |
| URL | 標籤 |
|---|---|
| http://www.securityfocus.com/bid/92866 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1036847 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1036848 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1036849 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1036850 | Third Party Advisory VDB Entry |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=867 | Exploit Patch Third Party Advisory |
| https://www.exploit-db.com/exploits/40405/ | Exploit Third Party Advisory VDB Entry |
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00 | Vendor Advisory |