CVE-2014-3434

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_protection:12.0:-:small_business:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_protection:12.1:*:*:*:*:*:*:*

History

21 Nov 2024, 02:08

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html - () http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.html -
References () http://secunia.com/advisories/58996 - () http://secunia.com/advisories/58996 -
References () http://secunia.com/advisories/59697 - () http://secunia.com/advisories/59697 -
References () http://www.exploit-db.com/exploits/34272 - Exploit () http://www.exploit-db.com/exploits/34272 - Exploit
References () http://www.kb.cert.org/vuls/id/252068 - US Government Resource () http://www.kb.cert.org/vuls/id/252068 - US Government Resource
References () http://www.osvdb.org/109663 - () http://www.osvdb.org/109663 -
References () http://www.securityfocus.com/bid/68946 - Exploit () http://www.securityfocus.com/bid/68946 - Exploit
References () http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00 - Vendor Advisory () http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/95062 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/95062 -

Information

Published : 2014-08-06 19:55

Updated : 2024-11-21 02:08


NVD link : CVE-2014-3434

Mitre link : CVE-2014-3434

CVE.ORG link : CVE-2014-3434


JSON object : View

Products Affected

symantec

  • endpoint_protection
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer