Vulnerability Note VU#252068
Symantec Endpoint Protection Client contains a kernel pool overflow vulnerability
Symantec Endpoint Protection Client 11.x and 12.x contains a kernel pool overflow vulnerability.
CWE-788: Access of Memory Location After End of Buffer
An attacker logged into a Windows XP, Vista, 7, or 8 system as an unprivileged user is able to cause a kernel pool overflow in the sysplant driver with specially crafted IOCTL code. The sysplant driver is part of the Application and Device Control functionality in Symantec Endpoint Protection (SEP) client 11.x and 12.x. This feature is enabled by default in SEP client 11.x and 12.x.
An attacker with user credentials may be able to elevate privileges to SYSTEM and gain full control of the system.
Apply an Update
If the patch is unavailable or cannot be installed, consider the following workaround:
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Symantec||Affected||22 Jul 2014||01 Aug 2014|
CVSS Metrics (Learn More)
Thanks to Matteo Memelli for reporting this vulnerability.
This document was written by Chris King.
- CVE IDs: CVE-2014-3434
- Date Public: 04 Aug 2014
- Date First Published: 04 Aug 2014
- Date Last Updated: 04 Aug 2014
- Document Revision: 20
If you have feedback, comments, or additional information about this vulnerability, please send us email.