Code Execution Vulnerability Found In Symantec Endpoint Protection

in antivirus •  5 years ago 


Continuing the trail of vulnerable antivirus tools, now joins Symantec. Researchers have found a serious vulnerability in Symantec Endpoint Protection software. Exploiting this flaw could allow an attacker to execute codes on the target system.

Symantec Endpoint Protection Vulnerability


Researchers from SafeBreach Labs have found a serious vulnerability in another antivirus program. This time, they have found the vulnerability in Symantec Endpoint Protection.

Explaining this local privilege escalation vulnerability in a blog post, the researchers stated,

We found a service (SepMasterService) of the Symantec Endpoint Protection which is running as signed process and as NT AUTHORITY\SYSTEM, which is trying to load the following DLL which doesn’t exist: c:\Windows\SysWOW64\wbem\DSPARSE.dll
Thus, it became possible for an attacker to execute code by uploading an arbitrary DLL while bypassing the self-defense mechanism. The researchers have shared the proof-of-concept for the exploit in their report. As stated,
We were able to load an arbitrary Proxy DLL (which loaded another arbitrary DLL) and execute our code within a service’s process which is signed by Symantec Corporation as NT AUTHORITY\SYSTEM.
Consequently, exploiting this bug could allow an attacker to gain SYSTEM access, bypass app whitelisting, and persistently run malicious codes.

Symantec Issued A Fix

After discovering the bug, the researchers reported it to Symantec in August 2019, which the vendors confirmed the next day.

Recently, Symantec has issued a fix for this vulnerability assigned with CVE number CVE-2019-12758. The fix for the LPE flaw is already available with Symantec Endpoint Protection 14.2 RU2 release. Hence, the users must ensure upgrading their systems to the patched version to stay protected from potential attacks.

Recently, SafeBreach Labs has also reported vulnerabilities in other critical programs, including all editions of McAfee Antivirus, Check Point’s Endpoint Security Initial Client software for Windows, and Bitdefender Antivirus Free 2020.

Let us know your thoughts in the comments.


Posted from my blog with SteemPress : https://latesthackingnews.com/2019/11/17/code-execution-vulnerability-found-in-symantec-endpoint-protection/

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://latesthackingnews.com/2019/11/17/code-execution-vulnerability-found-in-symantec-endpoint-protection/