Zero Day Initiative Advisory 12-145 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within SemSvc.exe which listens by default on TCP port 8443 (https). The SemSvc service exposes a servlet called 'AgentServlet" which allows remote users to activate certain tasks without prior authentication. In doing so, it is vulnerable to directory traversal attacks and arbitrary file deletion. When certain files are deleted, the eval() method will allow for executing user supplied commands. An attacker can leverage these vulnerabilities to execute code under the context of the SYSTEM.
f61f4ce29b8d52c4a9c1b37082ef4cd64b59d5ec479c79388cbea56bd8342bedSymantec End Point Protection version 11.x and Symantec Network Access Control version 11.x local code execution proof of concept exploit.
d2c6c09960003fa18cb090bcea7cbd0573d048ef3bac16353e5db8e15ab33911
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed