Vulnerability Details : CVE-2012-0289
Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-0289
Probability of exploitation activity in the next 30 days: 0.21%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 58 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-0289
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2012-0289
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0289
-
http://www.securitytracker.com/id?1027093
Symantec Endpoint Protection Bugs Let Remote Users Delete Files and Execute Arbitrary Code and Let Local Users Gain Elevated Privileges - SecurityTracker
-
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01
Symantec Endpoint Protection Multiple IssuesVendor Advisory
-
http://www.securityfocus.com/bid/51795
Symantec Endpoint Protection Local Privilege Escalation VulnerabilityExploit
Products affected by CVE-2012-0289
- cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection:11.0.6000:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection:11.0.6100:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection:11.0.6300:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection:11.0.6200:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection:11.0.7000:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection:11.0.7100:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:network_access_control:11.0.7100:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:network_access_control:11.0.6100:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:network_access_control:11.0.6200:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:network_access_control:11.0.6300:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:network_access_control:11.0.7000:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:network_access_control:11.0.6000:*:*:*:*:*:*:*