Symantec: >> Endpoint Protection >> 12.1.4023.4080 Security Vulnerabilities
Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file metadata to be interpreted and evaluated as a formula. Successful exploitation of an attack of this type requires considerable direct user-interaction from the user exporting and then opening the log files on the intended target client.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-04-16
Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.
CVSS Score
7.1
EPSS Score
0.022
Published
2017-11-06
Page 2