Vulnerabilities > CVE-2014-9227 - Unspecified vulnerability in Symantec Endpoint Protection
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN symantec
nessus
Summary
Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory.
Vulnerable Configurations
Nessus
| NASL family | Windows |
| NASL id | SYMANTEC_ENDPOINT_PROT_MGR_SYM15-005.NASL |
| description | The version of Symantec Endpoint Protection Manager (SEPM) installed on the remote host is prior to 12.1 RU6. It is, therefore, affected by the following vulnerabilities : - A DLL injection vulnerability exists due to improper path restrictions when loading DLLs. An authenticated, local attacker can exploit this to insert malicious DLL files, resulting in the execution of arbitrary code with system permissions. (CVE-2014-9227) - A denial of service vulnerability exists due to a deadlock condition in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 84368 |
| published | 2015-06-24 |
| reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/84368 |
| title | Symantec Endpoint Protection Manager < 12.1 RU6 Multiple Vulnerabilities (SYM15-005) |
References
- http://www.securityfocus.com/bid/75203
- http://www.securityfocus.com/bid/75203
- http://www.securitytracker.com/id/1032616
- http://www.securitytracker.com/id/1032616
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150617_00