Symantec Endpoint Protection Client 12.1.x < 12.1 RU6 MP7 Local Privilege Escalation (SYM17-002)
Medium Nessus Plugin ID 97661
SynopsisThe Symantec Endpoint Protection Client installed on the remote host is affected by a privilege escalation vulnerability.
DescriptionThe version of Symantec Endpoint Protection (SEP) Client installed on the remote host is 12.1.x prior to 12.1 RU6 MP7. It is, therefore, affected by a local privilege escalation vulnerability in the SymEvent driver due to improper validation of user-supplied input. A local attacker can exploit this, via a specially crafted file, to manipulate certain system calls, resulting in a denial of service condition, or on 64-bit machines only, the possible execution of arbitrary code with kernel-level privileges.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Symantec Endpoint Protection Client version 12.1 RU6 MP7 or later.