What is CVE-2014-3434?

CVE-2014-3434 is a vulnerability in Symantec Endpoint_protection, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-08-06.

Is CVE-2014-3434 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Symantec Endpoint_protection

CVE-2014-3434

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x002…

Vulnerability class: Buffer Overflow

EPSS: 0.006 (70.7th percentile) — read the EPSS interpretation.

Affected products

Symantec Endpoint_protection — versions 11.0, 12.0, 12.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

n1xbyte/Kernel-Sploitz

References

secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
109663 (x_refsource_OSVDB, vdb-entry)
68946 (Exploit, vdb-entry, x_refsource_BID)
symantec-endpoint-priv-escalation(95062) (vdb-entry, x_refsource_XF)
VU#252068 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
58996 (x_refsource_SECUNIA, third-party-advisory)
59697 (x_refsource_SECUNIA, third-party-advisory)
34272 (Exploit, exploit, x_refsource_EXPLOIT-DB)
secure@symantec.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2014-3434?: CVE-2014-3434 is a vulnerability in Symantec Endpoint_protection, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-08-06.
Is CVE-2014-3434 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.