Path Traversal in Symantec Endpoint_protection

CVE-2013-5011

Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.000 (15.4th percentile) — read the EPSS interpretation.

Affected products

Symantec Endpoint_protection — versions 11.0, 11.0.1, 11.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

64130 (vdb-entry, x_refsource_BID)
secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
symantec-endpoint-cve20135011-priv-esc(90226) (vdb-entry, x_refsource_XF)