CVE-2014-3434

Published Aug 6, 2014

Last updated 7 years ago

Overview

Description: Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.
Source: secure@symantec.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E269D396-3A70-4C4B-9D79-CBBA75C280D8"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.0:-:small_business:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D7E851B-1A0A-4077-9FCF-754D4FF798FF"
          },
          {
            "criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A8C3211-6088-49D6-8228-C4E9B5DF1631"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References