vulnerability

Symantec Endpoint Protection Manager: CVE-2015-8154: SEP Client Security Bypass RWX Permissions SysPlant.sys driver

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Mar 18, 2016	Apr 25, 2017	Oct 30, 2017

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Mar 18, 2016

Added

Apr 25, 2017

Modified

Oct 30, 2017

Description

The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions."

Solution

endpoint_protection_manager-cve-2015-8154

References

BID-84344
CVE-2015-8154
https://attackerkb.com/topics/CVE-2015-8154
URL-http://www.securityfocus.com/bid/84344
URL-http://www.securitytracker.com/id/1035329
URL-http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today