CVE-2019-12750

HIGH

Symantec Endpoint Protection < 14.2 RU1 & 12.1 RU6 MP10 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12750. PoCs published by v-p-b.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2019-12750, a local privilege escalation vulnerability in Symantec Endpoint Protection. The exploit leverages a vulnerable IOCTL in the SYSPLANT driver to manipulate kernel memory and escalate privileges by modifying token privileges.

Description

Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Exploits (1)

nomisec WORKING POC 67 stars
by v-p-b · poc
https://github.com/v-p-b/cve-2019-12750

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Symantec Endpoint Protection (older versions, x64)
No auth needed
Prerequisites: Administrative access to execute the exploit · Vulnerable version of Symantec Endpoint Protection installed
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Dec/11
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Dec/21

Scores

CVSS v3 7.8
EPSS 0.0125
EPSS Percentile 65.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-125
Status: published
Products (6)
symantec/endpoint_protection 11.0 (19 CPE variants)
symantec/endpoint_protection 12.1 (22 CPE variants)
symantec/endpoint_protection 14.0.0 (3 CPE variants)
symantec/endpoint_protection 14.0.1 (3 CPE variants)
symantec/endpoint_protection 14.2 (2 CPE variants)
symantec/endpoint_protection 12.0 rtm
Published Jul 31, 2019
Tracked Since Feb 18, 2026