Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSymantecCVELIST:CVE-2016-9094
HistoryApr 06, 2017 - 12:00 a.m.

CVE-2016-9094

2017-04-0600:00:00
symantec
www.cve.org

0.001 Low

EPSS

Percentile

37.5%

JSON

Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file metadata to be interpreted and evaluated as a formula. Successful exploitation of an attack of this type requires considerable direct user-interaction from the user exporting and then opening the log files on the intended target client.

CNA Affected

[
  {
    "product": "Endpoint Protection",
    "vendor": "Symantec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to SEP 14.0 MP1 & SEP 12.1 RU6 MP7"
      }
    ]
  }
]

Related

nessus 1
nvd 1
cve 1
prion 1
symantec 1
nessus
nessus
Symantec Endpoint Protection Client 12.1.x < 12.1 RU6 MP7 / 14.0.x < 14.0 MP1 Command Injection (SYM17-002)
2017-06-02 00:00:00
nvd
nvd
CVE-2016-9094
2018-04-16 19:29:00
cve
cve
CVE-2016-9094
2018-04-16 19:29:00
prion
prion
Design/Logic Flaw
2018-04-16 19:29:00
symantec
symantec
Symantec Endpoint Protection Clients Local Elevation of Privilege, CSV Formula Injection
2017-03-06 08:00:00

0.001 Low

EPSS

Percentile

37.5%

JSON
Related for CVELIST:CVE-2016-9094
nessus1nvd1cve1prion1symantec1