Intrusion PreventionSymantec.EndpointProtection.NetworkAccessControl.Code.Execution
Description
This indicates an attack attempt against a Code Execution vulnerability in Symantec Endpoint Protection and Symantec Network Access Control.
The vulnerability is caused by inadequate boundary and error checking within one of the code functions. It allows a remote attacker to execute arbitrary code via unauthorized accessing or enticing legitimate user to download malicious content or visit a malicious site.
Affected Products
Symantec Endpoint Protection(Management Console) 11.0 RU6(11.0.600x)
Symantec Endpoint Protection(Management Console) 11.0 RU6-MP1(11.0.6100)
Symantec Endpoint Protection(Management Console) 11.0 RU6-MP2(11.0.6200)
Symantec Endpoint Protection(Management Console) 11.0 RU6-MP3(11.0.6300)
Symantec Endpoint Protection(Management Console) 11.0 RU7(11.0.700x)
Symantec Endpoint Protection(Management Console) 11.0 RU7-MP1(11.0.710x)
Symantec Network Access Control(Management Console)11.0 RU6(11.0.600x)
Symantec Network Access Control(Management Console)11.0 RU6-MP1(11.0.6100)
Symantec Network Access Control(Management Console)11.0 RU6-MP2(11.0.6200)
Symantec Network Access Control(Management Console)11.0 RU6-MP3(11.0.6300)
Symantec Network Access Control(Management Console)11.0 RU7(11.0.700x)
Symantec Network Access Control(Management Console)11.0 RU7-MP1(11.0.710x)
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 32013 |
| Created | Jun 13, 2012 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2012-0289 |
| Exploit Prediction Score | 0.21% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |