Symantec Endpoint Protection CVE-2012-0295 File Include Vulnerability

Bugtraq ID:	53183
Class:	Input Validation Error
CVE:	CVE-2012-0295
Remote:	Yes
Local:	No
Published:	May 22 2012 12:00AM
Updated:	May 22 2012 12:00AM
Credit:	Andrea Micalizzi aka rgod, working through TippingPoint�??s ZeroDay Initiative.
Vulnerable:	Symantec Endpoint Protection 12.1
Not Vulnerable:	Symantec Endpoint Protection 12.1 RU1-MP1

Symantec Endpoint Protection CVE-2012-0295 File Include Vulnerability

Symantec Endpoint Protection is prone to a file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to insert and execute arbitrary code in the context of the affected application. This may facilitate remote privilege escalation and compromise the underlying system; other attacks are also possible.

NOTE: Successful exploits may require an attacker to first exploit BID 53182 (Symantec Endpoint Protection CVE-2012-0294 Directory Traversal Vulnerability).

Symantec Endpoint Protection 12.1 is vulnerable.

Symantec Endpoint Protection CVE-2012-0295 File Include Vulnerability

Currently we are not aware of any publicly available exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

Symantec Endpoint Protection CVE-2012-0295 File Include Vulnerability

Solution:
Vendor updates are available. Please see the references for more information.

Symantec Endpoint Protection CVE-2012-0295 File Include Vulnerability

References:

• Endpoint Protection Homepage (Symantec)
  
• SYM12-008: Security Advisories Relating to Symantec Products - Symantec Endpoint (Symantec)