This script is Copyright (C) 2014 Tenable Network Security, Inc.
The version of Symantec Endpoint Protection Client installed on the
remote host is affected by multiple vulnerabilities.
The version of Symantec Endpoint Protection Client running on the
remote host is either 11.x prior to 220.127.116.11 or 12.x prior to 12.1.2
(RU2). It is, therefore, affected by multiple security
- The Application/Device Control in the SEP Client does
not properly enforce custom policies, which could allow
an attacker to circumvent policy restrictions in order
to access files or directories on the remote host.
- The SEP Client is susceptible to a flaw caused by an
unquoted search path, which could allow an attacker to
gain elevated privileges via a crafted program in the
%SYSTEMDRIVE% directory. (CVE-2013-5011)
See also :
Upgrade to 18.104.22.168 (11.x) / 12.1.2 RU2 (12.x) or later.
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.3
Public Exploit Available : false
Nessus Plugin ID: 71993 ()
Bugtraq ID: 6412964130
CVE ID: CVE-2013-5010CVE-2013-5011
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.