CVE-2013-5010

Symantec SEP <11.0.7.4-12.1.2 RU2 - Privilege Escalation

Title source: llm

Description

The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/64129

Vendor Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/90225

Scores

EPSS 0.0007

EPSS Percentile 21.8%

Details

CWE

CWE-264

Status published

Products (13)

symantec/endpoint_protection 11.0 (6 CPE variants)

symantec/endpoint_protection 11.0.1 (3 CPE variants)

symantec/endpoint_protection 11.0.2 (3 CPE variants)

symantec/endpoint_protection 11.0.4 (3 CPE variants)

symantec/endpoint_protection 11.0.3001

symantec/endpoint_protection 11.0.6000

symantec/endpoint_protection 11.0.6100

symantec/endpoint_protection 11.0.6200

symantec/endpoint_protection 11.0.6200.754

symantec/endpoint_protection 11.0.6300

... and 3 more

Published Jan 10, 2014

Tracked Since Feb 18, 2026