Video Screencast Help

New Vulnerability in SEPM: SYM13-005, Fixed by Upgrading to 12.1 RU3

Created: 19 Jun 2013 | 2 comments
Mick2009's picture

Just raising awareness for all SEP Admins: Symantec has posted a new Security Advisory that affects all SEP 12.1 SEPMs earlier than the RU3 release. 

"SEPM Secar.dll Buffer Overflow"   A DLL in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x server does not properly validate all external input.  This could potentially result in a buffer overflow and remote code execution with application privileges on the server that is hosting the management console.

Please see this advisory for full details:

Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Manager 12.1.x Buffer Overflow


NOTE: Symantec is not aware of any customers affected by this issue or any malicious attempts to exploit this issue. Also, there are IPS signatures in place which will block malicious traffic that attempts to explot this.  Please ensure that the SEP client protecting your SEPM has the IPS component enabled and definitions up-to-date! 

Keep in mind that upgrading will provide protection against any possible future exploit attempt, and also provide the benefit of many other fixes, enhancements and improvement.  See Latest Symantec Endpoint Protection Released - SEP 12.1.RU3 for details.

Many thanks!


Comments 2 CommentsJump to latest comment

Mithun Sanghavi's picture


Thank you Mick for updating us all.

It is indeed important keep consistency in the SEP environment and to Migrate to the Latest version of Symantec Endpoint Protection 12.1 RU3.

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.