CVE-2013-1612
Symantec Endpoint Protection Manager 12.1.x - Overflow (SEH) (PoC)
Severity Score
7.9
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition 12.0.x, allows remote attackers to execute arbitrary code via unspecified vectors.
Desbordamiento de búfer en secars.dll en la consola de gestión en Symantec Endpoint Protection Manager (SEPM) v12.1.x y Symantec Endpoint Protection Center (SPC) Small Business Edition v12.0.x, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-02-04 CVE Reserved
- 2013-06-20 CVE Published
- 2014-04-27 First Exploit
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/60542 | Vdb Entry | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20130618_00 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/33056 | 2014-04-27 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Endpoint Protection Manager Search vendor "Symantec" for product "Endpoint Protection Manager" | 12.1.0 Search vendor "Symantec" for product "Endpoint Protection Manager" and version "12.1.0" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Endpoint Protection Manager Search vendor "Symantec" for product "Endpoint Protection Manager" | 12.1.1 Search vendor "Symantec" for product "Endpoint Protection Manager" and version "12.1.1" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Endpoint Protection Manager Search vendor "Symantec" for product "Endpoint Protection Manager" | 12.1.2 Search vendor "Symantec" for product "Endpoint Protection Manager" and version "12.1.2" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Endpoint Protection Center Search vendor "Symantec" for product "Endpoint Protection Center" | 12.0.0 Search vendor "Symantec" for product "Endpoint Protection Center" and version "12.0.0" | small_business |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Endpoint Protection Center Search vendor "Symantec" for product "Endpoint Protection Center" | 12.0.1 Search vendor "Symantec" for product "Endpoint Protection Center" and version "12.0.1" | small_business |
Affected
| ||||||