Symantec Endpoint Protection Client 11.x and 12.x contains a kernel pool overflow vulnerability.
CWE-788: Access of Memory Location After End of Buffer
An attacker logged into a Windows XP, Vista, 7, or 8 system as an unprivileged user is able to cause a kernel pool overflow in the sysplant driver with specially crafted IOCTL code. The sysplant driver is part of the Application and Device Control functionality in Symantec Endpoint Protection (SEP) client 11.x and 12.x. This feature is enabled by default in SEP client 11.x and 12.x.
An attacker with user credentials may be able to elevate privileges to SYSTEM and gain full control of the system.
Apply an Update
If the patch is unavailable or cannot be installed, consider the following workaround:
Thanks to Matteo Memelli for reporting this vulnerability.
This document was written by Chris King.
|Date First Published:||2014-08-04|
|Date Last Updated:||2014-08-04 19:56 UTC|