An exploit is no available at exploit-db.com for the Symantec End Point Protection privilege escalation vulnerability. Symantec released a patch for this issue earlier this week [1].
The vulnerability requires normal-user access to the affected system and can be used to escalate privileges to fully control the system (instead of being limited to a particular user) so this will make a great follow up exploit to a standard drive-by exploit that gains user privileges.
We have gotten some reports that users have problems installing the patch on legacy systems (e.g. Windows 2003). Applying the patch just fails in these cases and appears to have no ill effect on system stability.
[1] http://www.symantec.com/business/support/index?page=content&id=TECH223338
---
'취약점 정보1' 카테고리의 다른 글
| (CVE-2014-3500/1/2) Cordova for Android Cross-Application Scripting and Data Exfiltration Vulnerabilities (0) | 2014.08.08 |
|---|---|
| Synolocker: Why OFFLINE Backups are important (0) | 2014.08.08 |
| OpenSSL Security Advisory (0) | 2014.08.08 |
| Cisco IOS 와 IOS XE Software EnergyWise 서비스 거부 공격 보안업데이트 권고 (0) | 2014.08.08 |
| Oracle July 2014 CPU (patch bundle) (0) | 2014.07.16 |