Critical severity9.1NVD Advisory· Published May 19, 2016· Updated May 6, 2026

CVE-2016-2208

Description

The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.

Affected products

Symantec/Anti Virus Engine
cpe:2.3:a:symantec:anti-virus_engine:*:*:*:*:*:*:*:*
Range: <=20151.1.0.32

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.symantec.com/security_response/securityupdates/detail.jspnvdVendor Advisory
www.securityfocus.com/bid/90653nvd
www.securitytracker.com/id/1035903nvd
bugs.chromium.org/p/project-zero/issues/detailnvd
www.exploit-db.com/exploits/39835/nvd

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.042
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000