Symantec Endpoint Protection Client < 12.1 RU4 MP1b (SYM14-013)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The version of Symantec Endpoint Protection Client installed on the
remote host is affected by a local privilege escalation vulnerability.

Description :

The version of Symantec Endpoint Protection Client running on the
remote host is either 11.x or 12.x prior to 12.1 RU4 MP1b. It is,
therefore, affected by a local privilege escalation vulnerability.

A flaw exists in the sysplant driver due to insufficient validation of
external input. An attacker, using specially crafted IOCTL code, could
cause a kernel pool overflow resulting in elevated privileges to
SYSTEM.

See also :

http://www.nessus.org/u?1de9bbfe
http://www.nessus.org/u?78cc154a

Solution :

Upgrade to version 12.1 RU4 MP1b (12.1.4112.4156) or later.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.4
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 77050 ()

Bugtraq ID: 68946

CVE ID: CVE-2014-3434

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now