The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Symantec Endpoint Protection

vulnerability CVE-2016-5308

Symantec Endpoint Protection, Norton Security: memory corruption in the parser for executable files

Synthesis of the vulnerability

An attacker can generate a memory corruption in the executable file parser of Symantec Endpoint Protection and Norton Security, in order to trigger a denial of service, and possibly to run code with kernel privileges.
Impacted products: Norton Security, SEP.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: document.
Creation date: 08/07/2016.
Identifiers: CVE-2016-5308, SYM16-013, TALOS-2016-0182, VIGILANCE-VUL-20050.

Description of the vulnerability

The products Symantec Endpoint Protection and Norton Security analyse executable files.

To be able to intercept attempts to run a program file or load a shared library, the parser must reside in the kernel. However, the kernel driver does not correctly handle some malformed files. An attacker can inject code into the kernel memory space.

An attacker can therefore generate a memory corruption in the executable file parser of Symantec Endpoint Protection and Norton Security, in order to trigger a denial of service, and possibly to run code with kernel privileges.

computer vulnerability announcement CVE-2016-2207 CVE-2016-2209 CVE-2016-2210

Symantec: seven vulnerabilities of the "Decomposer" module

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec products.
Impacted products: Norton Antivirus, Norton Internet Security, Norton Security, SEP, Symantec Mail Security, Symantec Web Gateway, SWS.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 29/06/2016.
Revision date: 29/06/2016.
Identifiers: 810, 814, 816, 818, 819, 821, 823, CERTFR-2016-AVI-222, CVE-2016-2207, CVE-2016-2209, CVE-2016-2210, CVE-2016-2211, CVE-2016-3644, CVE-2016-3645, CVE-2016-3646, VIGILANCE-VUL-19997.

Description of the vulnerability

Several vulnerabilities were announced in Symantec Endpoint Protection.

An attacker can generate a buffer overflow via a substream of an MS-Office file, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 823, CVE-2016-2209]

An attacker can force a read at an invalid address via ALPkOldFormatDecompressor::UnShrink, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 821, CVE-2016-3646]

An attacker can generate an integer overflow via Attachment::setDataFromAttachment, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 819, CVE-2016-3645]

An attacker can generate a buffer overflow via CMIMEParser::UpdateHeader, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 818, CVE-2016-3644]

An attacker can generate a memory corruption via an MSPACK archive, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 816, CVE-2016-2211]

An attacker can generate a buffer overflow via CSymLHA::get_header, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 814, CVE-2016-2210]

An attacker can generate a memory corruption via a RAR archive, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 810, CVE-2016-2207]

computer vulnerability alert CVE-2015-8801 CVE-2016-3647 CVE-2016-3648

Symantec Endpoint Protection: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec Endpoint Protection.
Impacted products: SEP.
Severity: 2/4.
Consequences: privileged access/rights, client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 12.
Creation date: 29/06/2016.
Identifiers: CVE-2015-8801, CVE-2016-3647, CVE-2016-3648, CVE-2016-3649, CVE-2016-3650, CVE-2016-3651, CVE-2016-3652, CVE-2016-3653, CVE-2016-5304, CVE-2016-5305, CVE-2016-5306, CVE-2016-5307, SYM16-011, VIGILANCE-VUL-19996.

Description of the vulnerability

Several vulnerabilities were announced in Symantec Endpoint Protection.

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4; CVE-2016-3647]

An attacker can make unlimited authentication attempts, since accounts are never locked. [severity:1/4; CVE-2016-3648]

An attacker can get information on existing administrator accounts. [severity:1/4; CVE-2016-3649]

An attacker can get server credentials. [severity:1/4; CVE-2016-3650]

An attacker can trigger a Cross Site Scripting via a DOM interface, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-3651]

An attacker can trigger a Cross Site Scripting via a management console, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-3652]

An attacker can trigger a Cross Site Request Forgery via a management console, in order to force the victim to perform operations. [severity:2/4; CVE-2016-3653]

An attacker can deceive the user, in order to redirect them to a malicious site. [severity:1/4; CVE-2016-5304]

An attacker can change a DOM interface to manipulate a link to a PHP script. [severity:1/4; CVE-2016-5305]

An attacker can bypass "Strict Transport Security" rules using port 8445. [severity:1/4; CVE-2016-5306]

An attacker can traverse directories in the management console, in order to read a file outside the root path. [severity:2/4; CVE-2016-5307]

An attacker can exploit race conditions, in order to escalate their privileges. [severity:1/4; CVE-2015-8801]

computer vulnerability alert CVE-2016-2208

Symantec AVE: memory corruption via PE Header

Synthesis of the vulnerability

An attacker can generate a memory corruption via a PE Header on Symantec AVE, in order to trigger a denial of service, and possibly to run code with system privileges.
Impacted products: Norton Antivirus, Norton Internet Security, Norton Security, Symantec AV, SEP.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: document.
Creation date: 17/05/2016.
Identifiers: 820, BID-90653, CVE-2016-2208, SYM16-008, VIGILANCE-VUL-19636.

Description of the vulnerability

The Symantec AVE engine analyzes executables in PE format.

However, a malformed PE header corrupts the memory of a kernel driver.

An attacker can therefore generate a memory corruption via a PE header on Symantec AVE, in order to trigger a denial of service, and possibly to run code with system privileges.

computer vulnerability CVE-2015-8152 CVE-2015-8153 CVE-2015-8154

Symantec Endpoint Protection: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec Endpoint Protection.
Impacted products: SEP.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 18/03/2016.
Identifiers: CERTFR-2016-AVI-102, CVE-2015-8152, CVE-2015-8153, CVE-2015-8154, SYM16-003, VIGILANCE-VUL-19195.

Description of the vulnerability

Several vulnerabilities were announced in Symantec Endpoint Protection.

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4; CVE-2015-8152]

An attacker can use a SQL injection, in order to read or alter data. [severity:2/4; CVE-2015-8153]

An attacker can bypass security features in SysPlant.sys, in order to escalate their privileges. [severity:2/4; CVE-2015-8154]

computer vulnerability CVE-2015-6554 CVE-2015-6555 CVE-2015-8113

Symantec Endpoint Protection: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec Endpoint Protection.
Impacted products: SEP.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 10/11/2015.
Identifiers: CVE-2015-6554, CVE-2015-6555, CVE-2015-8113, SYM15-011, VIGILANCE-VUL-18275.

Description of the vulnerability

Several vulnerabilities were announced in Symantec Endpoint Protection.

An attacker can use malicious data, in order to run privileged shell commands. [severity:3/4; CVE-2015-6554]

An attacker can connect to the Java console port, in order to run privileged shell commands. [severity:3/4; CVE-2015-6555]

An attacker can use a DLL preload, in order to run code, because the fix for CVE-2015-1492 (VIGILANCE-VUL-17553) is incomplete. [severity:2/4; CVE-2015-8113]

vulnerability bulletin CVE-2015-1486 CVE-2015-1487 CVE-2015-1488

Symantec Endpoint Protection: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec Endpoint Protection.
Impacted products: SEP.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 7.
Creation date: 31/07/2015.
Identifiers: CERTFR-2015-AVI-361, CVE-2015-1486, CVE-2015-1487, CVE-2015-1488, CVE-2015-1489, CVE-2015-1490, CVE-2015-1491, CVE-2015-1492, SYM15-007, VIGILANCE-VUL-17553.

Description of the vulnerability

Several vulnerabilities were announced in Symantec Endpoint Protection.

An attacker can bypass security features in Password Reset, in order to escalate their privileges. [severity:2/4; CVE-2015-1486]

An attacker can use the Console Session, in order to create a file. [severity:2/4; CVE-2015-1487]

An attacker can use an Action Handler, in order to read a file. [severity:1/4; CVE-2015-1488]

An attacker can bypass security features in a SEPM Service, in order to escalate their privileges. [severity:2/4; CVE-2015-1489]

An attacker can traverse directories during a client installation, in order to read a file outside the root path. [severity:2/4; CVE-2015-1490]

An attacker can use a SQL injection, in order to read or alter data. [severity:2/4; CVE-2015-1491]

An attacker can use a DLL preload, in order to run code. [severity:2/4; CVE-2015-1492]

vulnerability CVE-2014-9227 CVE-2014-9228 CVE-2014-9229

Symantec Endpoint Protection: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec Endpoint Protection.
Impacted products: SEP.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, data reading, data creation/edition, data deletion.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 18/06/2015.
Identifiers: CVE-2014-9227, CVE-2014-9228, CVE-2014-9229, SYM15-005, VIGILANCE-VUL-17170.

Description of the vulnerability

Several vulnerabilities were announced in Symantec Endpoint Protection.

An attacker can use a SQL injection in the Manager, in order to guess or alter data. [severity:2/4; CVE-2014-9229]

An attacker can trigger a deadlock in the driver "sysplant.sys", in order to prevent normal system shutdown. [severity:1/4; CVE-2014-9228]

An attacker can bypass restrictions on where DLLs may be loaded from, in order to make a process running with SYSTEM privileges execute arbitrary code. [severity:3/4; CVE-2014-9227]

computer vulnerability note CVE-2014-3437 CVE-2014-3438 CVE-2014-3439

Symantec Endpoint Protection: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec Endpoint Protection.
Impacted products: SEP.
Severity: 3/4.
Consequences: administrator access/rights, user access/rights, data reading, data deletion.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 06/11/2014.
Identifiers: CVE-2014-3437, CVE-2014-3438, CVE-2014-3439, SYM14-015, VIGILANCE-VUL-15599.

Description of the vulnerability

Several vulnerabilities were announced in Symantec Endpoint Protection.

An attacker can transmit malicious XML data by publishing them at the URL "http://securityresponse.symantec.com/avcenter/deepsightkiosk/9.xml", in order to read a file, scan sites, or trigger a denial of service. [severity:3/4; CVE-2014-3437]

An attacker can trigger a Cross Site Scripting in several pages, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2014-3438]

An attacker can make Endpoint Protection Manager overwrite an arbitrary file, in order to delete or alter data. [severity:2/4; CVE-2014-3439]

vulnerability note CVE-2014-3434

Symantec Endpoint Protection: buffer overflow of sysplant

Synthesis of the vulnerability

An attacker can generate a buffer overflow in sysplant of Symantec Endpoint Protection, in order to trigger a denial of service, and possibly to execute code.
Impacted products: SEP.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 05/08/2014.
Identifiers: CVE-2014-3434, SYM14-013, TECH223338, VIGILANCE-VUL-15124, VU#252068.

Description of the vulnerability

Symantec Endpoint Protection includes a device driver that is reachable via "ioctl" commands.

However, for some commands, the driver does not validate the length of the exchanged data, which allows the calling process to inject code into the buffer.

An attacker can therefore generate a buffer overflow in sysplant of Symantec Endpoint Protection, in order to trigger a denial of service, and possibly to execute code with kernel privileges.