Bypassing 'Disarm' Functionality in Symantec Messaging Gateway

Bypassing 'Disarm' Functionality in Symantec Messaging Gateway

CVE-2017-6324 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application.

Learn more about our Web Application Penetration Testing UK.