CVE-2012-4349Heap-based Buffer Overflow in Network Access Control

CWE-122Heap-based Buffer Overflow7 documents5 sources
Severity
7.2HIGHNVD
EPSS
0.3%
top 49.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Network Access Control
Timeline
PublishedDec 11
Latest updateMay 17

Description

Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDsymantec/network_access_control12.1, 12.1.1, 12.1.1.1+2

🔴Vulnerability Details

2
GHSA
GHSA-qv84-wq8g-5gw7: Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 122022-05-17
CVEList
CVE-2012-4349: Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 122012-12-11

📋Vendor Advisories

2
Red Hat
icedtea-web: issue not fixed in 1.42013-09-16
Red Hat
icedtea-web: IcedTeaScriptableJavaObject:: invoke off-by-one heap-based buffer overflow2012-11-07

💬Community

2
Bugzilla
CVE-2013-4349 icedtea-web: CVE-2012-4540 issue not fixed in 1.4 [fedora-all]2013-09-16
Bugzilla
CVE-2013-4349 icedtea-web: CVE-2012-4540 issue not fixed in 1.42013-09-13
CVE-2012-4349 — Heap-based Buffer Overflow in Symantec | cvebase