PT-2017-9947 · Symantec · Symantec Endpoint Protection+1

Published: 2017-03-06 · Updated: 2018-05-23 · CVE-2016-9093

CVSS v3.1: 7.0 High

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Symantec Endpoint Protection versions 12.1 RU6 MP6 and earlier

Description: The issue is related to the SymEvent Driver's failure to properly sanitize logged-in user input. This could allow a non-admin user to potentially manipulate certain system calls by saving and running a specially constructed executable file. The impact can range from a denial of service, causing the system to crash, to allowing the user to run arbitrary code on the local machine with kernel-level privileges in very specific circumstances on 64-bit systems. This could result in a non-privileged user gaining privileged access on the local machine.

Recommendations: For Symantec Endpoint Protection versions 12.1 RU6 MP6 and earlier, update to a version later than 14.0 to resolve the issue. As a temporary workaround, consider restricting access to the SymEvent Driver interface to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2016-9093

Affected Products

Symantec Endpoint Protection
Symantec Endpoint Protection Client