Symantec Endpoint Protection CVE-2012-0295 File Include Vulnerability

Symantec Endpoint Protection is prone to a file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to insert and execute arbitrary code in the context of the affected application. This may facilitate remote privilege escalation and compromise the underlying system; other attacks are also possible.

NOTE: Successful exploits may require an attacker to first exploit BID 53182 (Symantec Endpoint Protection CVE-2012-0294 Directory Traversal Vulnerability).

Symantec Endpoint Protection 12.1 is vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus