Symantec Endpoint Protection Client < 12.1 RU6 MP4 SysPlant.sys Driver RCE (SYM16-003)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The version of Symantec Endpoint Protection Client installed on the
remote host is affected by a remote code execution vulnerability.

Description :

The version of Symantec Endpoint Protection Client running on the
remote host is 12.1 prior to 12.1 RU6 MP4. It is, therefore, affected
by a remote code execution vulnerability due to insecure permissions
for the SysPlant.sys driver. A remote attacker can exploit this, via a
crafted HTML document, to execute arbitrary code.

See also :

http://www.nessus.org/u?e94f36bc

Solution :

Upgrade to Symantec Endpoint Protection Client version 12.1 RU6 MP4 or
later. Alternatively, apply the workaround as described in the vendor
advisory.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 90199

Bugtraq ID: 84344

CVE ID: CVE-2015-8154
