CVE-2012-0289
high
CVSS v3
—
CVSS v2
7.2
VIR risk
7.2
Description
Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| symantec | endpoint_protection | 11.0.6000 | |
| symantec | endpoint_protection | 11.0.6100 | |
| symantec | endpoint_protection | 11.0.6200 | |
| symantec | endpoint_protection | 11.0.6200.754 | |
| symantec | endpoint_protection | 11.0.6300 | |
| symantec | endpoint_protection | 11.0.7000 | |
| symantec | endpoint_protection | 11.0.7100 | |
| symantec | network_access_control | 11.0.6000 | |
| symantec | network_access_control | 11.0.6100 | |
| symantec | network_access_control | 11.0.6200 | |
| symantec | network_access_control | 11.0.6300 | |
| symantec | network_access_control | 11.0.7000 | |
| symantec | network_access_control | 11.0.7100 | |
References
- http://www.securityfocus.com/bid/51795
- http://www.securitytracker.com/id?1027093
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01
CWEs
CWE-119