Symantec Endpoint Protection Local Privilege Escalation Vulnerability
BID:51795
Info
Symantec Endpoint Protection Local Privilege Escalation Vulnerability
| Bugtraq ID: | 51795 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2012-0289 |
| Remote: | No |
| Local: | Yes |
| Published: | May 22 2012 12:00AM |
| Updated: | Aug 22 2012 06:40PM |
| Credit: | Anil Aphale aka 41.w4r10r of ControlCase India Pvt Ltd. |
| Vulnerable: |
Symantec Network Access Control 11.0 RU6-MP3(11.0.6300) 0 Symantec Network Access Control 11.0 RU6-MP2(11.0.6200) 0 Symantec Network Access Control 11.0 RU6-MP1(11.0.6100) 0 Symantec Network Access Control 11.0 RU7 MP1 Symantec Network Access Control 11.0 RU7 Symantec Network Access Control 11.0 RU6 Symantec Endpoint Protection 11.0 RU6-MP3(11.0.6300) 0 Symantec Endpoint Protection 11.0 RU6-MP2(11.0.6200) 0 Symantec Endpoint Protection 11.0 RU6-MP1(11.0.6100) 0 Symantec Endpoint Protection 11.0 RU7 MP1 Symantec Endpoint Protection 11.0 Ru6 Symantec Endpoint Protection 11 RU7 |
| Not Vulnerable: |
Symantec Network Access Control 11.0 RU7 MP2 Symantec Endpoint Protection 11.0 RU7 MP2 |
Discussion
Symantec Endpoint Protection Local Privilege Escalation Vulnerability
Symantec Endpoint Protection is prone to a local privilege-escalation vulnerability.
An attacker can exploit this issue to execute arbitrary code with elevated privileges. Failed exploit attempts will result in a denial-of-service condition.
Symantec Endpoint Protection is prone to a local privilege-escalation vulnerability.
An attacker can exploit this issue to execute arbitrary code with elevated privileges. Failed exploit attempts will result in a denial-of-service condition.
Exploit / POC
Symantec Endpoint Protection Local Privilege Escalation Vulnerability
The following proof-of-concept is available:
The following proof-of-concept is available:
Solution / Fix
Symantec Endpoint Protection Local Privilege Escalation Vulnerability
Solution:
The vendor has released an update. Please see the references for details.
Solution:
The vendor has released an update. Please see the references for details.
References
Symantec Endpoint Protection Local Privilege Escalation Vulnerability
References:
References:
- Symantec Homepage (Symantec Corp.)
- SYM12-008: Security Advisories Relating to Symantec Products - Symantec Endpoint (Symantec)