CVE-2018-12244

MEDIUM

Symantec Endpoint Protection <= 12.1 RU6 MP9 and < 14.2 RU1 - CSV Formula Injection

Title source: llm

Description

SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://support.symantec.com/en_US/article.SYMSA1479.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

https://www.securityfocus.com/bid/107999

Scores

CVSS v3 6.3

EPSS 0.0112

EPSS Percentile 61.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Details

CWE

CWE-1236

Status published

Products (6)

symantec/endpoint_protection 11.0 (18 CPE variants)

symantec/endpoint_protection 12.1 (22 CPE variants)

symantec/endpoint_protection 14 (2 CPE variants)

symantec/endpoint_protection 14.0.0 mp2

symantec/endpoint_protection 14.0.1 (3 CPE variants)

symantec/endpoint_protection 14.2 (2 CPE variants)

Published Apr 25, 2019

Tracked Since Feb 18, 2026