CVE-2012-0295

Published: May 23, 2012Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294.

Affected (3)

Products: Symantec: Endpoint Protection

Symantec

1 product

Endpoint Protection

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Symantec Endpoint Protection	Version 12.1.1000
Symantec Endpoint Protection	Version 12.1.671
Symantec Endpoint Protection	Version 12.1

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://www.securityfocus.com/bid/53183

Source: cve@mitre.org

http://www.securityfocus.com/bid/53184

Source: cve@mitre.org

http://www.securitytracker.com/id?1027093

Source: cve@mitre.org

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/53183

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/53184

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1027093

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.