PT-2014-2892 · Microsoft+1 · Windows+3
Publicado
2014-01-10
·
Atualizado
2017-08-29
·
CVE-2013-5011
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Symantec Endpoint Protection versions 11.x through 11.0.7.3
Symantec Endpoint Protection versions 12.x through 12.1.2 RU1
Symantec Endpoint Protection Small Business Edition versions 12.x through 12.1.2 RU1
Description
The issue allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory. This is due to an unquoted Windows search path vulnerability in the client.
Recommendations
For Symantec Endpoint Protection versions 11.x through 11.0.7.3, update to version 11.0.7.4 or later.
For Symantec Endpoint Protection versions 12.x through 12.1.2 RU1, update to version 12.1.2 RU2 or later.
For Symantec Endpoint Protection Small Business Edition versions 12.x through 12.1.2 RU1, update to version 12.1.2 RU2 or later.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Symantec Endpoint Protection
Symantec Endpoint Protection Client
Symantec Endpoint Protection Small Business Edition
Windows