Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2016-9094
HistoryApr 16, 2018 - 7:29 p.m.

Design/Logic Flaw

2018-04-1619:29:00
PRIOn knowledge base
www.prio-n.com
3

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.5%

JSON

Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file metadata to be interpreted and evaluated as a formula. Successful exploitation of an attack of this type requires considerable direct user-interaction from the user exporting and then opening the log files on the intended target client.

Related

nessus 1
nvd 1
cve 1
cvelist 1
symantec 1
nessus
nessus
Symantec Endpoint Protection Client 12.1.x < 12.1 RU6 MP7 / 14.0.x < 14.0 MP1 Command Injection (SYM17-002)
2017-06-02 00:00:00
nvd
nvd
CVE-2016-9094
2018-04-16 19:29:00
cve
cve
CVE-2016-9094
2018-04-16 19:29:00
cvelist
cvelist
CVE-2016-9094
2017-04-06 00:00:00
symantec
symantec
Symantec Endpoint Protection Clients Local Elevation of Privilege, CSV Formula Injection
2017-03-06 08:00:00

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.5%

JSON
Related for PRION:CVE-2016-9094
nessus1nvd1cve1cvelist1symantec1