Video Screencast Help
Security Community Blog

Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability

Created: 15 Jan 2013 • Updated: 15 Jan 2013
.Brian's picture
+1 1 Vote
Login to vote

Symantec Endpoint Protection (SEP) Manager is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary PHP code in the context of the application.

This issue is fixed in the following versions:

Symantec Endpoint Protection 11.0 RU7-MP3
Symantec Endpoint Protection 12.1 RU2

Versions affected:

Symantec Endpoint Protection 11.0 RU7 MP1 0
Symantec Endpoint Protection 11.0 RU6-MP3(11.0.6300) 0
Symantec Endpoint Protection 11.0 RU6-MP2(11.0.6200) 0
Symantec Endpoint Protection 11.0 RU6-MP1(11.0.6100) 0
Symantec Endpoint Protection 12.1 RU1-MP1
Symantec Endpoint Protection 12.1 MP1
Symantec Endpoint Protection 12.1
Symantec Endpoint Protection 12.0
Symantec Endpoint Protection 11.0 RU7 MP2
Symantec Endpoint Protection 11.0 RU7 MP1
Symantec Endpoint Protection 11.0 RU6-MP3(11.0.63
Symantec Endpoint Protection 11.0 RU6-MP2(11.0.62
Symantec Endpoint Protection 11.0 RU6 MP4
Symantec Endpoint Protection 11.0 RU6 MP3
Symantec Endpoint Protection 11.0 RU6 MP2
Symantec Endpoint Protection 11.0 RU6 MP1
Symantec Endpoint Protection 11.0 RU5
Symantec Endpoint Protection 11.0 RU4
Symantec Endpoint Protection 11.0 MR3

 

References:

http://www.securityfocus.com/bid/56846/discuss

http://www.securityfocus.com/bid/56846