Symantec Endpoint Protection Client < 11.0.7.4 / 12.1.2 (SYM14-001)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The version of Symantec Endpoint Protection Client installed on the
remote host is affected by multiple vulnerabilities.

Description :

The version of Symantec Endpoint Protection Client running on the
remote host is either 11.x prior to 11.0.7.4 or 12.x prior to 12.1.2
(RU2). It is, therefore, affected by multiple security
vulnerabilities :

- The Application/Device Control in the SEP Client does
not properly enforce custom policies, which could allow
an attacker to circumvent policy restrictions in order
to access files or directories on the remote host.
(CVE-2013-5010)

- The SEP Client is susceptible to a flaw caused by an
unquoted search path, which could allow an attacker to
gain elevated privileges via a crafted program in the
%SYSTEMDRIVE% directory. (CVE-2013-5011)

See also :

http://www.nessus.org/u?04df6327

Solution :

Upgrade to 11.0.7.4 (11.x) / 12.1.2 RU2 (12.x) or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 71993 ()

Bugtraq ID: 64129
64130

CVE ID: CVE-2013-5010
CVE-2013-5011