CVE-2012-0289

Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/51795	Exploit
http://www.securitytracker.com/id?1027093
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:endpoint_protection:11.0.6000:::::::*
	cpe:2.3:a:symantec:endpoint_protection:11.0.6100:::::::*
	cpe:2.3:a:symantec:endpoint_protection:11.0.6200:::::::*
	cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754:::::::*
	cpe:2.3:a:symantec:endpoint_protection:11.0.6300:::::::*
	cpe:2.3:a:symantec:endpoint_protection:11.0.7000:::::::*
	cpe:2.3:a:symantec:endpoint_protection:11.0.7100:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:symantec:network_access_control:11.0.6000:::::::*
	cpe:2.3:a:symantec:network_access_control:11.0.6100:::::::*
	cpe:2.3:a:symantec:network_access_control:11.0.6200:::::::*
	cpe:2.3:a:symantec:network_access_control:11.0.6300:::::::*
	cpe:2.3:a:symantec:network_access_control:11.0.7000:::::::*
	cpe:2.3:a:symantec:network_access_control:11.0.7100:::::::*

History

No history.

Information

Published : 2012-05-23 21:55

Updated : 2024-02-28 12:00

NVD link : CVE-2012-0289

Mitre link : CVE-2012-0289

CVE.ORG link : CVE-2012-0289

JSON object : View

Products Affected

symantec

endpoint_protection
network_access_control

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2012-0289", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-05-23T21:55:01.037", "references": [{"url": "http://www.securityfocus.com/bid/51795", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1027093", "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en Symantec Endpoint Protection (SEP) v11.0.600x hasta v11.0.710x y Symantec Network Access Control (SNAC) v11.0.600x hasta v11.0.710x, permite a usuarios locales obtener privilegios, y modificar los datos o causar una denegaci\u00f3n de servicio, a trav\u00e9s de un script malicioso."}], "lastModified": "2012-10-30T03:59:57.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74A97619-5D8B-4634-BFA6-F73285865823"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CF5F84C-91C1-4395-B988-9F9E4F87D8B9"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0C0EFA7-71FE-48C9-97D3-F414F49DB495"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142BCA40-386C-4498-BECB-22BC07B240DD"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.6300:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD725528-A19A-465E-B427-EF426104B7AF"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.7000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFD42022-0168-4C9D-8EED-0E16322E8796"}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0.7100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FE29507-7B24-44AD-8C15-C1063E34D7D9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:network_access_control:11.0.6000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCFCFC06-BB3E-4EC0-99A6-B617988A5570"}, {"criteria": "cpe:2.3:a:symantec:network_access_control:11.0.6100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3930F533-D9CF-41E9-A5F4-551874C780BC"}, {"criteria": "cpe:2.3:a:symantec:network_access_control:11.0.6200:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "009B26A2-7096-42B9-910D-3CC296FFF8BB"}, {"criteria": "cpe:2.3:a:symantec:network_access_control:11.0.6300:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F364C90E-F794-4A9C-981F-87EF54A2F81A"}, {"criteria": "cpe:2.3:a:symantec:network_access_control:11.0.7000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "639C9956-5510-48C0-97F6-236C1DEB6045"}, {"criteria": "cpe:2.3:a:symantec:network_access_control:11.0.7100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EDFBF60-F92C-45A7-A142-88C688E1F307"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}