1. CVE-Search
  2. CVE-2012-4350
ID CVE-2012-4350
Summary Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors. Per http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:enterprise_security_manager:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_security_manager:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:enterprise_security_manager:6.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_security_manager:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:enterprise_security_manager:6.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_security_manager:6.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:enterprise_security_manager:6.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_security_manager:6.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:enterprise_security_manager:6.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_security_manager:6.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:enterprise_security_manager:6.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_security_manager:6.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:enterprise_security_manager:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_security_manager:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:enterprise_security_manager:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_security_manager:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:enterprise_security_manager:-:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_security_manager:-:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:enterprise_security_manager:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_security_manager:10.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 14-03-2013 - 03:10)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 56915
confirm http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121213_00
sectrack 1027874
Last major update 14-03-2013 - 03:10
Published 18-12-2012 - 20:55
Last modified 14-03-2013 - 03:10
Back to Top