Two vulnerabilities have been reported in Symantec Endpoint Protection, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.
1) Missing input validation in the "AgentServlet" servlet exposed by SemSvc.exe listening on TCP port 8443 can be exploited to delete arbitrary files via directory traversal sequences and render the Manager console unusable.
NOTE: This can further be exploited to inject and execute arbitrary code.
This vulnerability is reported in versions 12.1 prior to 12.1 RU1-MP1.
2) A boundary error within Dec2CAB.dll when scanning CAB files can be exploited to corrupt memory.
This vulnerability is reported in Symantec Endpoint Protection version 12.0.
Solution: Update to version 12.1 RU1-MP1.
Provided and/or discovered by: 1) Andrea Micalizzi aka rgod via ZDI.
2) Will Dormann, CERT/CC
Original Advisory: SYM12-008:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Symantec Endpoint Protection Two Vulnerabilities