Symantec Corporation Endpoint Protection vulnerabilities

CVE-2016-9093 [HIGH] CWE-20 CVE-2016-9093: A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and ear A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the

CVE-2016-9094 [HIGH] CWE-20 CVE-2016-9094: Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended pr Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file metadata to be interpreted and evaluated as a formula. Successfu