CVE-2012-0289

Symantec Endpoint Protection/SNAC <11.0.710x - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0289. PoCs published by 41.w4r10r.

AI-analyzed exploit summary This exploit leverages a buffer overflow in Symantec Endpoint Protection's SSHelper.dll via a maliciously crafted XML file with VBScript. The long string argument (arg11) triggers the vulnerability, leading to potential remote code execution.

Description

Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.

Exploits (1)

exploitdb WORKING POC

by 41.w4r10r · textdoswindows

https://www.exploit-db.com/exploits/18916

View Code ZIP pw:eip

This exploit leverages a buffer overflow in Symantec Endpoint Protection's SSHelper.dll via a maliciously crafted XML file with VBScript. The long string argument (arg11) triggers the vulnerability, leading to potential remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Symantec Endpoint Protection 11.x, Symantec Network Access Control 11.x

No auth needed

Prerequisites: Target system with vulnerable Symantec software installed · Ability to deliver the malicious XML file to the target

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/51795

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1027093

Scores

EPSS 0.0146

EPSS Percentile 70.2%

Details

CWE

CWE-119

Status published

Products (13)

symantec/endpoint_protection 11.0.6000

symantec/endpoint_protection 11.0.6100

symantec/endpoint_protection 11.0.6200

symantec/endpoint_protection 11.0.6200.754

symantec/endpoint_protection 11.0.6300

symantec/endpoint_protection 11.0.7000

symantec/endpoint_protection 11.0.7100

symantec/network_access_control 11.0.6000

symantec/network_access_control 11.0.6100

symantec/network_access_control 11.0.6200

... and 3 more

Published May 23, 2012

Tracked Since Feb 18, 2026