CVE-2013-5010

Severity

46%

Complexity

39%

Confidentiality

106%

The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors.

The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Symantec Endpoint Protection

First reported 11 years ago

2014-01-10 16:47:00

Last updated 7 years ago

2017-08-29 01:33:00

Affected Software

Symantec Endpoint Protection Version 11.0

11.0

Symantec Endpoint Protection Version 11.0 RU5

11.0

Symantec Endpoint Protection Version 11.0 RU6

11.0

Symantec Endpoint Protection Version 11.0 RU6a

11.0

Symantec Endpoint Protection Version 11.0 RU6 MP1

11.0

Symantec Endpoint Protection Version 11.0 RU6 MP2

11.0

Symantec Endpoint Protection Version 11.0.1 MR1

11.0.1

Symantec Endpoint Protection Version 11.0.1 MR1 MP1

11.0.1

Symantec Endpoint Protection Version 11.0.1 MR2 MP2

11.0.1

Symantec Endpoint Protection Version 11.0.2 MR2

11.0.2

Symantec Endpoint Protection Version 11.0.2 MR2 MP1

11.0.2

Symantec Endpoint Protection Version 11.0.2 MR2 MP2

11.0.2

Symantec Endpoint Protection Version 11.0.4 MR4

11.0.4

Symantec Endpoint Protection Version 11.0.4 MR4 MP1a

11.0.4

Symantec Endpoint Protection Version 11.0.4 MR4 MP2

11.0.4

Symantec Endpoint Protection Version 11.0.3001 MR3

11.0.3001

Symantec Endpoint Protection Version 11.0.6000

11.0.6000

Symantec Endpoint Protection Version 11.0 RU6-MP1(11.0.6100)

11.0.6100

Symantec Endpoint Protection Version 11.0 RU6-MP2(11.0.6200)

11.0.6200

Symantec Endpoint Protection 11.0.6200.754

11.0.6200.754

Symantec Endpoint Protection Version 11.0 RU6-MP3(11.0.6300)

11.0.6300

Symantec Endpoint Protection Version 11.0 RU7(11.0.7000)

11.0.7000

Symantec Endpoint Protection Version 11.0 RU7-MP1(11.0.7100)

11.0.7100

References

64129

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00

Vendor Advisory

symantec-endpoint-cve20135010-sec-bypass(90225)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.