71 matches found
CVE-2020-5837
CVE-2020-5837 affects Symantec Endpoint Protection (Windows Endpoint) prior to version 14.3. The issue is that logging writes to files replaced by symbolic links may bypass standard file permissions, enabling elevation of privilege. Root cause centers on improper permission handling for log files...
CVE-2012-1459
CVE-2012-1459 affects multiple antivirus products including ClamAV. The issue is a vulnerability in the TAR file parser where a TAR archive entry length field could correspond to the entire entry plus part of the header of the next entry, allowing remote attackers to bypass malware detection. The...
CVE-2012-1457
CVE-2012-1457 affects the TAR file parser in multiple antivirus products (e.g., ClamAV and others) and allows remote attackers to bypass malware detection by crafting a TAR entry whose length exceeds the TAR file size. Connected advisories confirm this issue across vendor updates (e.g., openSUSE ...
CVE-2019-18372
CVE-2019-18372 concerns a local privilege-escalation vulnerability in Symantec Endpoint Protection (SEP) client and related components. According to Red Hat and Symantec advisories, SEP versions prior to 14.2 RU2 (and related SEPM/SMSMSE lines) are affected by privilege escalation, with attackers...
CVE-2019-12750
CVE-2019-12750 affects Symantec Endpoint Protection (SEP) and SEP Small Business Edition (SBE). Vulnerable components: SEP before 14.2 RU1 and 12.1 RU6 MP10, and SEP SBE before 12.1 RU6 MP10c (12.1.7491.7002). Root cause is a privilege-escalation vulnerability that could allow an attacker to obta...
CVE-2017-6331
Symantec Endpoint Protection (SEP) up to 12.1.6 RU6 MP5 / 12.1.x before RU6 MP9 or 14.0 before RU1 is affected by CVE-2017-6331. The issue is a Tamper-Protection Bypass caused by SEP not validating WinAPI message sources (UIPI), allowing spoofed UI messages to potentially disable or bypass real‑t...
CVE-2019-12758
CVE-2019-12758 affects Symantec Endpoint Protection (SEP)/SEP Manager prior to 14.2 RU2. The issue is an unsigned code execution vulnerability; a local attacker may execute code without a resident digital signature, in the context of the affected application. Documents from Red Hat and Symantec i...
CVE-2020-5836
CVE-2020-5836 affects Symantec Endpoint Protection (Windows Endpoint) prior to 14.3. The vulnerability allows a limited (authenticated, local) user to reset ACLs on a file when Tamper Protection is disabled, resulting in elevation of privilege. The issue is documented in multiple sources with the...
CVE-2012-1443
CVE-2012-1443 describes a bypass in the RAR file parser used by multiple antivirus products (e.g., ClamAV 0.96.4-related integrations and several vendors) where a RAR file starting with an MZ character sequence can be analyzed by user-assisted remote attackers to bypass malware detection. The evi...
CVE-2019-12757
Symantec Endpoint Protection (SEP) and SEP Small Business Edition (SEP SBE) are affected by CVE-2019-12757, a privilege-escalation flaw in versions before 14.2 RU2 and 12.1 RU6 MP10d (SEP SBE 12.1.7510.7002). The vulnerability allows an attacker with local access to elevate privileges within the ...
CVE-2009-1429
CVE-2009-1429 affects the Intel LANDesk Common Base Agent (CBA) used by Symantec products in the AMS2/Symantec System Center stack. A crafted packet could be interpreted as a command to be launched in a new process via CreateProcessA, enabling remote execution of arbitrary commands with SYSTEM pr...
CVE-2012-1461
The CVE-2012-1461 entry documents a vulnerability in the Gzip file parser used by multiple antivirus products (e.g., AVG, Bitdefender, Kaspersky, Symantec Endpoint Protection, Trend Micro, and others) that allows remote attackers to bypass malware detection by delivering a .tar.gz file containing...
CVE-2018-18366
Symantec Endpoint Protection Small Business Edition ccSetx86.sys kernel driver (IOCTL 0x224844) has an information-disclosure vulnerability. A specially crafted IRP can cause the driver to return uninitialized kernel memory to a user-mode process, potentially leaking sensitive data. The issue is ...
CVE-2012-1456
The CVE-2012-1456 entry concerns a vulnerability in the TAR file parser across multiple AV products (AVG, Quick Heal, Comodo, Emsisoft, eSafe, F-Prot, Fortinet, Ikarus, Jiangmin, Kaspersky, McAfee, Norman, Panda, Rising, Sophos, AVEngine 20101.3.0.103 in Symantec Endpoint Protection, Trend Micro)...
CVE-2016-5311
CVE-2016-5311 describes a local privilege-escalation in multiple Symantec Norton product lines (Antivirus, Security, Internet Security, 360, Endpoint Protection, etc.) caused by DLL preloading with inadequate path restrictions. The underlying issue is improper DLL search/path handling, allowing a...
CVE-2017-13680
Summary: CVE-2017-13680 affects Symantec Endpoint Protection (SEP) Windows endpoints. The vulnerability allows an attacker to perform unauthorized file deletions via the product UI. Affected versions are SEP 12.1 RU6 MP9 and SEP 14 RU1. Root cause/impact: UI-driven file deletion on the resident f...
CVE-2017-13681
Symantec Endpoint Protection (SEP) is affected by CVE-2017-13681, a privilege-escalation flaw in SEP prior to 12.1 RU6 MP9. The issue requires multiple file and directory writes to the local filesystem, limiting exploit feasibility to non-drive-by scenarios. Impact is described as elevated access...
CVE-2019-12756
Symantec Endpoint Protection (SEP) clients prior to 14.2 RU2 are susceptible to a local password-protection bypass (CVE-2019-12756). An authenticated local attacker could bypass the second layer of password protection and perform actions with local privileges. Connected advisories also reference ...
CVE-2016-2211
MODE C: The connected Nessus/OpenVAS entries describe CVE-2016-2211 as part of a set of vulnerabilities in Symantec products (notably the Decomposer/UNPACK engine and related parsers) affecting multiple versions of Symantec Protection for SharePoint Servers, Protection Engine, Web Gateway, and re...
CVE-2016-2209
CVE-2016-2209 is a stack-based buffer overflow in Symantec products, notably in the PPT handling path (Dec2LHA.dll) of Symantec Protection for SharePoint Servers (versions 6.0.x up to HF1.6) and related Symantec Protection Engine deployments. It arises from improper validation of user-supplied PP...
CVE-2009-1431
Symantec Alert Management System (AMS2) Intel File Transfer service (XFR.EXE) is affected. A design flaw allows remote code execution by an unauthenticated attacker who places code on a share or WebDAV server and then sends the UNC path to the XFR.EXE service. Impact can affect Symantec System Ce...
CVE-2009-1432
CVE-2009-1432 affects Symantec Reporting Server, used with Symantec AntiVirus Corporate Edition, Symantec Client Security, and Symantec Endpoint Protection Manager. A URL handling error in the Reporting Server login page allows remote attackers to display arbitrary text via a crafted link, enabli...
CVE-2014-3434
CVE-2014-3434 describes a kernel pool overflow in the Symantec Endpoint Protection (SEP) client sysplant driver. Affected products include SEP 11.x and SEP 12.x (before 12.1 RU4 MP1b) and SEP 12.1 Small Business Edition before 12.1 RU4 MP1b. The issue arises from insufficient validation of extern...
CVE-2016-3644
CVE-2016-3644 is a vulnerability in the Norton/Symantec decomposer/mime-parsing path (CMIMEParser::UpdateHeader) that can be triggered by specially crafted MIME data, potentially leading to memory corruption, a denial of service, or arbitrary code execution. The linked Nessus/OpenVAS entries tie ...
CVE-2020-5823
Symantec Endpoint Protection (SEP) and SEP Small Business Edition (SEP SBE) before 14.2 RU2 MP1 (SEP) and before 14.2.5569.2100 (SEP SBE) are affected by a privilege-escalation vulnerability. Exploitation would allow local attackers to gain elevated access. Remediation is to upgrade to SEP 14.2 R...
CVE-2010-3268
Symantec Intel Alert Management System (AMS) remote DoS (CVE-2010-3268) affects hndlrsvc.exe/ prgxhndl.dll when parsing the CommandLine field in AMS requests. GetStringAMSHandler() forwards to AMSLIB.AMSGetPastParamList, which can crash the service by dereferencing an invalid memory read during C...
CVE-2009-1428
The CVE-2009-1428 entry describes two parsing errors in the ccLgView.exe component of the Symantec Log Viewer used by multiple Norton/Symantec products (SAV before 10.1 MR8, SEP before 11.0 MR1, Norton 360 1.0, Norton Internet Security 2005–2008). The vulnerability enables remote XSS via a crafte...
CVE-2012-0289
CVE-2012-0289 affects Symantec Endpoint Protection and Symantec Network Access Control (SEP/SNAC) on Windows. The issue is a buffer overflow in SEP/SNAC components (notably SemSvc/AgentServlet) that, via crafted input, allowed local users to gain privileges and potentially cause data modification...
CVE-2013-5011
CVE-2013-5011 is an unquoted Windows search path vulnerability affecting the Symantec Endpoint Protection (SEP) client. The issue exists in SEP 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 (and Small Business Edition 12.x before 12.1.2 RU2), where an unquoted path in the SYSTEMDRIVE root could...
CVE-2016-2207
The CVE-2016-2207 family is associated with multiple Symantec products (Norton/Norton AntiVirus/Norton Internet Security/Norton 360, SEP, SPE, SMSMSE, SMSDOM, SPSS, SWG, and related protection engines) and third-party components (Unpack ShortLZ in UnRAR, Dec2LHA, libmspack, MIME parsing, TNEF, ZI...
CVE-2016-3646
CVE-2016-3646 affects the Decompressor (UnShrink/ZIP handling) in Symantec Norton/Norton Security and related products across the Symantec stack (including ATP, SDCS:S, Web Gateway, SEP on multiple platforms, SPE, SPSS, SMSMSE, SMSDOM, CSAPI, SMG/SMG-SP, Norton for Mac/Windows, NPE, NBRT). The is...
CVE-2018-12238
CVE-2018-12238 is an AV bypass affecting Norton/Symantec endpoint products. Affected include Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 and 14.2; SEP SBE prior to NIS-22.15.1.8 and SEP-12.1.7454.7000; and SEP Cloud prior to 22.15.1. The issue enables evading...
CVE-2016-5309
CVE-2016-5309 is a DoS in the RAR file parser of Symantec’s decomposer engines across multiple products (ATP/NS/SEPs/SPE/SMG family). The root cause is an out-of-bounds read during RAR decompression, allowing remote attackers to crash affected applications via specially crafted RAR files. A close...
CVE-2016-5310
CVE-2016-5310 covers a denial-of-service memory-corruption issue in the RAR file parser/decompressor across Symantec products (ATP, various SEP variants, SPE, SMSG, SMSDOM, SPSS, SMSMSE, SEPC, SEPC, etc.). The root cause is mishandling of crafted RAR archives in the decompression path, leading to...
CVE-2018-12245
CVE-2018-12245 affects Symantec Endpoint Protection (SEP) Client versions prior to 14.2 MP1. It is a DLL Preloading vulnerability that can trigger when an application is installed, loading a DLL supplied by an attacker. Impact details are described in the connected sources as a install-time issue...
CVE-2009-1430
CVE-2009-1430 describes multiple stack-based buffer overflows in the IAO.EXE component of the Intel Alert Originator Service used by Symantec Alert Management System 2 (AMS2). The underlying fault is a boundary/stack overflow in the MsgSys.exe path that can be triggered by either a crafted networ...
CVE-2020-5824
CVE-2020-5824 affects Symantec Endpoint Protection (SEP) and SEP Small Business Edition (SEP SBE) pre-14.2 RU2 MP1 and pre-14.2.5569.2100, respectively. It is a Denial of Service vulnerability that can exhaust resources and render certain functions unavailable. Connected advisories also reference...
CVE-2020-5820
CVE-2020-5820 affects Symantec Endpoint Protection (SEP) and SEP Small Business Edition (SEP SBE) prior to 14.2 RU2 MP1 (and 14.2.5569.2100, respectively). The connected advisories describe a privilege escalation vulnerability rooted in insufficient validation within components used by SEP/SEP SB...
CVE-2020-5826
Summary: CVE-2020-5826 affects Symantec Endpoint Protection (SEP) and SEP Small Business Edition (SEP SBE) prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, with an out-of-bounds vulnerability that can cause the application to read memory outside allocated bounds. Technical details:...
CVE-2010-0108
The CVE-2010-0108 issue is a buffer overflow in the Symantec Client Proxy ActiveX (CLIproxy.dll). Affected products include Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4, plus Symantec Client Security 3.0.x and 3.1.x before MR9. The underlying cause is insufficient boundary ...
CVE-2012-1462
CVE-2012-1462 describes a vulnerability in the ZIP file parser used by multiple antivirus products (e.g., Symantec Endpoint Protection 11, AhnLab V3 Internet Security, AVG, Quick Heal, Emsisoft Anti-Malware, Sophos, Kaspersky, Fortinet, etc.). The issue allows remote attackers to bypass malware d...
CVE-2012-1821
CVE-2012-1821 affects the Symantec Endpoint Protection Manager 11.x Network Threat Protection module on Windows Server 2003, with SEP 11.0.600x–11.0.700x. A remote attacker can trigger a denial of service by flooding the web server, causing it to become unresponsive or the daemon to crash/hang. T...
CVE-2016-2210
CVE-2016-2210 is described in connected advisories as a buffer overflow in the Dec2LHA.dll (CSymLHA::get_header) used by Symantec Norton/Norton-related decomposer engines to decompress LZH/LHA archives. The vulnerability affects multiple Symantec products (e.g., Protection Engine, Protection for ...
CVE-2010-0114
The CVE concerns Symantec Endpoint Protection Manager’s Reporting Module (fw_charts.php) where an attacker could overwrite PHP scripts and execute arbitrary code. Concrete details across sources: vulnerability exists in SEP 11.x prior to 11 RU6 MP2; the flaw is in the report-generation component ...
CVE-2012-4348
The CVE-2012-4348 entry corresponds to a vulnerability in Symantec Endpoint Protection Manager/Protection Center where PHP scripts do not properly validate external input, enabling remote code execution. Affected products are SEP 11.0 before RU7-MP3, SEP 12.1 before RU2, and SEP Small Business Ed...
CVE-2014-9228
Summary (CVE-2014-9228) : In Symantec Endpoint Protection Manager, the sysplant.sys component (Manager) before 12.1.6 can trigger a deadlock when handling specific calls, leading to a DoS by blocking system shutdown. This is described in the NVD entry for CVE-2014-9228 and corroborated by related...
CVE-2015-8113
Summary (CVE-2015-8113): SEP 12.1 before 12.1-RU6-MP3 is vulnerable to local privilege escalation via an untrusted search path (Trojan horse DLL) in a client install package. This stems from an incomplete fix for CVE-2015-1492 and affects SEP clients; the issue can be exploited locally to gain pr...
CVE-2020-5825
CVE-2020-5825 affects Symantec Endpoint Protection (SEP) and SEP SBE prior to 14.2 RU2 MP1 (14.2.5569.2100). It is an arbitrary file write vulnerability allowing overwriting of existing files without proper privileges (local access). Remediation is to upgrade to SEP/SEP SBE 14.2 RU2 MP1 (14.2.556...
CVE-2013-5009
The CVE-2013-5009 issue affects Symantec Endpoint Protection Manager (SEP/Mgr) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2, as well as Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2. The vulnerability is an authentication flaw in the Management Console that allows an authen...
CVE-2016-9094
Symantec Endpoint Protection (SEP) Client 12.1.x before 12.1 RU6 MP7 or 14.0.x before 14.0 MP1 is affected by CVE-2016-9094. The issue arises when exporting quarantine logs (CSV format); file metadata can be interpreted as a formula, enabling a formula-injection style vulnerability. Exploitation ...