Symantec Endpoint Protection Client < 12.1 RU4 MP1b (SYM14-013)
Medium Nessus Plugin ID 77050
SynopsisThe version of Symantec Endpoint Protection Client installed on the remote host is affected by a local privilege escalation vulnerability.
DescriptionThe version of Symantec Endpoint Protection Client running on the remote host is either 11.x or 12.x prior to 12.1 RU4 MP1b. It is, therefore, affected by a local privilege escalation vulnerability.
A flaw exists in the sysplant driver due to insufficient validation of external input. An attacker, using specially crafted IOCTL code, could cause a kernel pool overflow resulting in elevated privileges to SYSTEM.
SolutionUpgrade to version 12.1 RU4 MP1b (12.1.4112.4156) or later.