Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0289 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Endpoint Protection

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.7%

top 26.98%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Endpoint Protection Symantec Network Access Control

Timeline

PublishedMay 23

Latest updateMay 4

Description

Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDsymantec/network_access_control6 versions+5

▶NVDsymantec/endpoint_protection7 versions+6

🔴Vulnerability Details

GHSA

GHSA-cxpv-whmj-frr8: Buffer overflow in Symantec Endpoint Protection (SEP) 11↗2022-05-04

▶

CVEList

CVE-2012-0289: Buffer overflow in Symantec Endpoint Protection (SEP) 11↗2012-05-23

▶

💥Exploits & PoCs

Exploit-DB

Symantec End Point Protection 11.x / Symantec Network Access Control 11.x - Local Code Execution (PoC)↗2012-05-23

▶