PT-2016-3864 · Symantec · Symantec Endpoint Protection+1

Published

2016-03-18

Updated

2016-12-03

CVE-2015-8154

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection versions prior to 12.1 RU6-MP4

Description The issue allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions" in the SysPlant.sys driver.

Recommendations For versions prior to 12.1 RU6-MP4, update to RU6-MP4 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2015-8154

Affected Products

Symantec Endpoint Protection

Symantec Endpoint Protection Client

PT-2016-3864 · Symantec · Symantec Endpoint Protection+1

CVE-2015-8154

Weakness Enumeration

Related Identifiers

Affected Products

References · 6