Vulnerability Description
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Endpoint Protection | 11.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12
- http://secunia.com/advisories/58996
- http://secunia.com/advisories/59697
- http://www.exploit-db.com/exploits/34272Exploit
- http://www.kb.cert.org/vuls/id/252068US Government Resource
- http://www.osvdb.org/109663
- http://www.securityfocus.com/bid/68946Exploit
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95062
- http://packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12
- http://secunia.com/advisories/58996
- http://secunia.com/advisories/59697
- http://www.exploit-db.com/exploits/34272Exploit
- http://www.kb.cert.org/vuls/id/252068US Government Resource
- http://www.osvdb.org/109663
FAQ
What is CVE-2014-3434?
CVE-2014-3434 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitr...
How severe is CVE-2014-3434?
CVE-2014-3434 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3434?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Endpoint Protection.