CVE-2014-3434

Symantec Endpoint Protection 11.x-12.x - Local Buffer Overflow via sysplant Driver IOCTL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3434. PoCs published by ryujin & sickness.

AI-analyzed exploit summary This exploit targets a kernel pool overflow vulnerability in Symantec Endpoint Protection 11.x and 12.x. It manipulates the SYSFER.dll module to achieve arbitrary memory writes, potentially leading to local privilege escalation.

Description

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ryujin & sickness · pythonlocalwindows

https://www.exploit-db.com/exploits/34272

View Code ZIP pw:eip

This exploit targets a kernel pool overflow vulnerability in Symantec Endpoint Protection 11.x and 12.x. It manipulates the SYSFER.dll module to achieve arbitrary memory writes, potentially leading to local privilege escalation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Symantec Endpoint Protection 11.x, 12.x

No auth needed

Prerequisites: Local access to the target system · Symantec Endpoint Protection 11.x or 12.x installed

MITRE ATT&CK