V-182: Symantec Endpoint Protection Manager Buffer Overflow Vulnerability

June 20, 2013 - 6:00am

PROBLEM:

A vulnerability has been reported in Symantec Endpoint Protection Manager.

PLATFORM:

The vulnerability is reported in versions 12.1.x prior to 12.1 RU3.

ABSTRACT:

Symantec was notified of a pre-authentication buffer overflow found in the Symantec Endpoint Protection Manager (SEPM) and Symantec Endpoint Protection Center (SPC).

REFERENCE LINKS:

Secunia Advisory SA53864
SecurityTracker Alert ID: 1028683
Symantec Advisory SYM13-005
CVE-2013-1612

IMPACT ASSESSMENT:

Medium

DISCUSSION:

The vulnerability is caused by a boundary error within secars.dll and can be exploited to cause a buffer overflow via the web-based management console.

IMPACT:

Manipulation of data
System Access

SOLUTION:

The vendor recommends updating to version 12.1 RU3.
