Vulnerability Details : CVE-2015-1492
Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package.
Vulnerability category: Input validation
Products affected by CVE-2015-1492
- cpe:2.3:a:symantec:endpoint_protection_manager:12.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1492
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 8%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1492
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C | 6.8 | 10.0 | NIST | |
CWE ids for CVE-2015-1492
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1492
- http://www.securitytracker.com/id/1033165
  Symantec Endpoint Protection Multiple Flaws Let Remote Users Bypass Authenticated and Remote Authenticated Users Read/Write Files, Inject SQL Commands, and Gain Elevated Privileges - SecurityTracker
- http://www.securityfocus.com/bid/76083
  Symantec Endpoint Protection Clients CVE-2015-1492 Binary Planting Vulnerability
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00
  Symantec Endpoint Protection Multiple Issues (Vendor Advisory)