Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-3434Improper Restriction of Operations within the Bounds of a Memory Buffer in Endpoint Protection

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
6.9MEDIUMNVD
EPSS
0.6%
top 29.69%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec Endpoint Protection
Timeline
PublishedAug 6
Latest updateMay 17

Description

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

NVDsymantec/endpoint_protection11.0, 12.0, 12.1+2

🔴Vulnerability Details

2
GHSA
GHSA-xcq9-r62j-qxcv: Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 112022-05-17
CVEList
CVE-2014-3434: Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 112014-08-06

💥Exploits & PoCs

1
Exploit-DB
Symantec Endpoint Protection 11.x/12.x - Kernel Pool Overflow / Local Privilege Escalation2014-08-05
CVE-2014-3434 — Symantec vulnerability | cvebase