CVE-2016-9093 : A version of the SymEvent Driver that shipped with Symantec Endpoint Protection

A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine.

Published 2018-04-16 19:29:00

Updated 2018-05-23 14:22:29

Source Symantec Corporation

View at NVD, CVE.org

Vulnerability category: Input validationDenial of service

Products affected by CVE-2016-9093

Symantec » Endpoint Protection
Versions up to, including, (<=) 12.1.6
cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1.6 Update MP1
cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1.6 Update MP2
cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1.6 Update MP3
cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1.6 Update MP4
cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1.6 Update Mp1a
cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1.6 Update MP6
cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp6:*:*:*:*:*:*
Matching versions
Symantec » Endpoint Protection » Version: 12.1.6 Update MP5
cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp5:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-9093

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 27 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-9093

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.0	HIGH	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	1.0	5.9	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-9093

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-9093

http://www.securitytracker.com/id/1037961

Symantec Endpoint Protection Lets Local Users Gain Elevated Privileges and Remote Users Injection Formulas into Exported CSV Files in Certain Cases - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/bid/96294

Symantec Endpoint Protection Client CVE-2016-9093 Local Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00

Symantec Endpoint Protection Clients Local Elevation of Privilege, CSV Formula Injection
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-9093

Products affected by CVE-2016-9093

Exploit prediction scoring system (EPSS) score for CVE-2016-9093

CVSS scores for CVE-2016-9093

CWE ids for CVE-2016-9093

References for CVE-2016-9093