QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2016-9094

Back to search

CVE-2016-9094

Published: Apr 16, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file metadata to be interpreted and evaluated as a formula. Successful exploitation of an attack of this type requires considerable direct user-interaction from the user exporting and then opening the log files on the intended target client.

VendorProductVersions

Symantec Corporation

Endpoint Protection

affected
Prior to SEP 14.0 MP1 & SEP 12.1 RU6 MP7

References

96298
vdb-entry
x_refsource_BID
1037961
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now