cve-2016-9093
Vulnerability from cvelistv5
Published
2018-04-16 18:00
Modified
2024-09-16 21:58
Severity ?
Summary
A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine.
References
secure@symantec.comhttp://www.securityfocus.com/bid/96294Third Party Advisory, VDB Entry
secure@symantec.comhttp://www.securitytracker.com/id/1037961Third Party Advisory, VDB Entry
secure@symantec.comhttps://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/96294Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037961Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:10.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037961",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037961"
          },
          {
            "name": "96294",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96294"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170306_00"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Endpoint Protection",
          "vendor": "Symantec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to SEP 12.1 RU6 MP7"
            }
          ]
        }
      ],
      "datePublic": "2017-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-17T09:57:01",
        "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "shortName": "symantec"
      },
      "references": [
        {
          "name": "1037961",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037961"
        },
        {
          "name": "96294",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96294"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170306_00"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@symantec.com",
          "DATE_PUBLIC": "2017-04-06T00:00:00",
          "ID": "CVE-2016-9093",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Endpoint Protection",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to SEP 12.1 RU6 MP7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Symantec Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037961",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037961"
            },
            {
              "name": "96294",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96294"
            },
            {
              "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170306_00",
              "refsource": "CONFIRM",
              "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170306_00"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
    "assignerShortName": "symantec",
    "cveId": "CVE-2016-9093",
    "datePublished": "2018-04-16T18:00:00Z",
    "dateReserved": "2016-10-28T00:00:00",
    "dateUpdated": "2024-09-16T21:58:24.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"12.1.6\", \"matchCriteriaId\": \"930EF2D4-C3F1-4A86-BD34-FE228D66BF05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"40DAC718-5E21-4616-AA68-F46E9D0DC5E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F6B238A-F29B-4FBD-8212-4ECEA485CBCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E94A3EEE-61B5-47CD-B880-9E09F56BDAD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FF40801-FB4E-4708-85BD-CF22AB67AEE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp5:*:*:*:*:*:*\", \"matchCriteriaId\": \"D72DE621-13F0-4794-AF17-98D331B9F647\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp6:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B93AD9D-B760-4E16-823F-F2D2D4E34F24\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine.\"}, {\"lang\": \"es\", \"value\": \"Una versi\\u00f3n del controlador SymEvent que se distribuye con Symantec Endpoint Protection 12.1 RU6 MP6 y anteriores no sanea correctamente las entradas de un usuario que haya iniciado sesi\\u00f3n. SEP 14.0 y siguientes no se ha visto afectado por este problema. Un usuario no administrativo tendr\\u00eda que ser capaz de guardar un archivo ejecutable en el disco y, despu\\u00e9s, ejecutarlo con \\u00e9xito. Si se construye correctamente, el archivo podr\\u00eda acceder a la interfaz del controlador y manipular ciertas llamadas del sistema. En todos los sistemas de 32 bits y, en la mayor\\u00eda de casos, en sistemas de 64 bits, esto resultar\\u00e1 en una denegaci\\u00f3n de servicio (DoS) que provocar\\u00e1 el cierre inesperado del sistema. En circunstancias muy concretas, y solo en sistemas de 64 bits, esto podr\\u00eda permitir que el usuario ejecute c\\u00f3digo arbitrario en la m\\u00e1quina local con privilegios de nivel de kernel. Esto podr\\u00eda resultar en que un usuario no privilegiado obtenga acceso privilegiado en la m\\u00e1quina local.\"}]",
      "id": "CVE-2016-9093",
      "lastModified": "2024-11-21T03:00:35.260",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-04-16T19:29:00.247",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/96294\", \"source\": \"secure@symantec.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037961\", \"source\": \"secure@symantec.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170306_00\", \"source\": \"secure@symantec.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/96294\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037961\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170306_00\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@symantec.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-9093\",\"sourceIdentifier\":\"secure@symantec.com\",\"published\":\"2018-04-16T19:29:00.247\",\"lastModified\":\"2024-11-21T03:00:35.260\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine.\"},{\"lang\":\"es\",\"value\":\"Una versi\u00f3n del controlador SymEvent que se distribuye con Symantec Endpoint Protection 12.1 RU6 MP6 y anteriores no sanea correctamente las entradas de un usuario que haya iniciado sesi\u00f3n. SEP 14.0 y siguientes no se ha visto afectado por este problema. Un usuario no administrativo tendr\u00eda que ser capaz de guardar un archivo ejecutable en el disco y, despu\u00e9s, ejecutarlo con \u00e9xito. Si se construye correctamente, el archivo podr\u00eda acceder a la interfaz del controlador y manipular ciertas llamadas del sistema. En todos los sistemas de 32 bits y, en la mayor\u00eda de casos, en sistemas de 64 bits, esto resultar\u00e1 en una denegaci\u00f3n de servicio (DoS) que provocar\u00e1 el cierre inesperado del sistema. En circunstancias muy concretas, y solo en sistemas de 64 bits, esto podr\u00eda permitir que el usuario ejecute c\u00f3digo arbitrario en la m\u00e1quina local con privilegios de nivel de kernel. Esto podr\u00eda resultar en que un usuario no privilegiado obtenga acceso privilegiado en la m\u00e1quina local.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.1.6\",\"matchCriteriaId\":\"930EF2D4-C3F1-4A86-BD34-FE228D66BF05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40DAC718-5E21-4616-AA68-F46E9D0DC5E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F6B238A-F29B-4FBD-8212-4ECEA485CBCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E94A3EEE-61B5-47CD-B880-9E09F56BDAD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FF40801-FB4E-4708-85BD-CF22AB67AEE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"D72DE621-13F0-4794-AF17-98D331B9F647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp6:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B93AD9D-B760-4E16-823F-F2D2D4E34F24\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/96294\",\"source\":\"secure@symantec.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037961\",\"source\":\"secure@symantec.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170306_00\",\"source\":\"secure@symantec.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/96294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037961\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20170306_00\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.