EIP-2026-116362

PRE-CVE

Symantec Endpoint Protection 12.1.4013 - Service Disabling

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116362. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit terminates Symantec Endpoint Protection processes (Smc.exe, SmcGui.exe, ccSvcHst.exe) by leveraging process enumeration and termination APIs, bypassing password protection controls. It also attempts to disable the service via command-line arguments.

Description

Symantec Endpoint Protection 12.1.4013 - Service Disabling

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textdoswindows

https://www.exploit-db.com/exploits/37525

View Code ZIP pw:eip

This exploit terminates Symantec Endpoint Protection processes (Smc.exe, SmcGui.exe, ccSvcHst.exe) by leveraging process enumeration and termination APIs, bypassing password protection controls. It also attempts to disable the service via command-line arguments.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Symantec Endpoint Protection 12.1.4013

No auth needed

Prerequisites: Local execution on a Windows system with Symantec Endpoint Protection 12.1.4013 installed

MITRE ATT&CK

T1489 - Service Stop T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026