In this post we will walk you through a more sophisticated method of exploiting CVE-2019-12750. This is a local privilege escalation vulnerability that affects Symantec Endpoint Protection. The method of exploitation described in [...]
A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, thus taking full control over the affected host. Products Affected [...]
During a recent red team exercise, we discovered a vulnerability within the latest versions of the Symantec Management Agent (Altiris), that allowed us to escalate our privileges. Overview When the Altiris agent performs [...]
Note: These vulnerabilities remain unpatched at the point of publication. We have been working with Symantec to try and help them to fix this since our initial private disclosure in July 2017 (full [...]