CVE-2014-7286

Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/71727	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031421	VDB Entry
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141219_00	Vendor Advisory
http://www.securityfocus.com/bid/71727	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031421	VDB Entry
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141219_00	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:symantec:deployment_solution:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_server_2003::::::::
	cpe:2.3:o:microsoft:windows_xp::::::::

History

21 Nov 2024, 02:16

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/71727 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/71727 - Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1031421 - VDB Entry~~	() http://www.securitytracker.com/id/1031421 - VDB Entry
References	~~() http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141219_00 - Vendor Advisory~~	() http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141219_00 - Vendor Advisory

Information

Published : 2014-12-22 15:59

Updated : 2024-11-21 02:16

NVD link : CVE-2014-7286

Mitre link : CVE-2014-7286

CVE.ORG link : CVE-2014-7286

JSON object : View

Products Affected

symantec

deployment_solution

microsoft

windows_server_2003
windows_xp

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2014-7286", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-22T15:59:00.053", "references": [{"url": "http://www.securityfocus.com/bid/71727", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@symantec.com"}, {"url": "http://www.securitytracker.com/id/1031421", "tags": ["VDB Entry"], "source": "secure@symantec.com"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141219_00", "tags": ["Vendor Advisory"], "source": "secure@symantec.com"}, {"url": "http://www.securityfocus.com/bid/71727", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1031421", "tags": ["VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141219_00", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de buffer en AClient en Symantec Deployment Solution 6.9 y anteriores en Windows XP y Server 2003 permite a usuarios locales obtener privilegios a trav\u00e9s de vectores sin especificar."}], "lastModified": "2024-11-21T02:16:41.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:deployment_solution:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBDF4DA8-817A-4680-9DF6-2F5E94BBDE47", "versionEndIncluding": "6.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@symantec.com"}