CVE-2013-5011

Symantec Endpoint Protection <11.0.7.4, 12.1.2 - Privilege Escalation

Title source: llm

Description

Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/64130

Vendor Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/90226

Scores

EPSS 0.0005

EPSS Percentile 15.1%

Details

CWE

CWE-22

Status published

Products (13)

symantec/endpoint_protection 11.0 (6 CPE variants)

symantec/endpoint_protection 11.0.1 (3 CPE variants)

symantec/endpoint_protection 11.0.2 (3 CPE variants)

symantec/endpoint_protection 11.0.4 (3 CPE variants)

symantec/endpoint_protection 11.0.3001

symantec/endpoint_protection 11.0.6000

symantec/endpoint_protection 11.0.6100

symantec/endpoint_protection 11.0.6200

symantec/endpoint_protection 11.0.6200.754

symantec/endpoint_protection 11.0.6300

... and 3 more

Published Jan 10, 2014

Tracked Since Feb 18, 2026