Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1612 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Endpoint Protection Center

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

7.9HIGHNVD

EPSS

2.7%

top 14.09%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Endpoint Protection Center Symantec Endpoint Protection Manager

Timeline

PublishedJun 20

Latest updateMay 17

Description

Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 5.5 | Impact: 10.0

Affected Packages2 packages

▶NVDsymantec/endpoint_protection_center12.0.0, 12.0.1+1

▶NVDsymantec/endpoint_protection_manager12.1.0, 12.1.1, 12.1.2+2

🔴Vulnerability Details

GHSA

GHSA-f29q-g5f7-h3m7: Buffer overflow in secars↗2022-05-17

▶

CVEList

CVE-2013-1612: Buffer overflow in secars↗2013-06-20

▶

💥Exploits & PoCs

Exploit-DB

Symantec Endpoint Protection Manager 12.1.x - Overflow (SEH) (PoC)↗2014-04-27

▶