Secunia
Login
|
|
|
|
|
|
|
|
|
Symantec Endpoint Protection Two Vulnerabilities
Release Date: 2012-05-23 Last Update: 2012-11-08 Views: 1,992
Secunia Advisory SA49248
Where:
From remote
Impact:
Manipulation of data, System access,
Solution Status:
Vendor Patch
CVE Reference(s):
Description
Two vulnerabilities have been reported in Symantec Endpoint Protection, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.
1) Missing input validation in the "AgentServlet" servlet exposed by SemSvc.exe listening on TCP port 8443 can be exploited to delete arbitrary files via directory traversal sequences and render the Manager console unusable.
NOTE: This can further be exploited to inject and execute arbitrary code.
This vulnerability is reported in versions 12.1 prior to 12.1 RU1-MP1.
2) A boundary error within Dec2CAB.dll when scanning CAB files can be exploited to corrupt memory.
This vulnerability is reported in Symantec Endpoint Protection version 12.0.
Solution:
Update to version 12.1 RU1-MP1.
Provided and/or discovered by:
1) Andrea Micalizzi aka rgod via ZDI.
2) Will Dormann, CERT/CC
Original Advisory:
SYM12-008:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121107_00
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-12-145/
US-CERT VU#985625
http://www.kb.cert.org/vuls/id/985625
Deep Links:
Links available to Secunia VIM customers
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Subject: Symantec Endpoint Protection Two Vulnerabilities
|
|
|||||||||
|
You must be logged in to post a comment. |
|||||||||
