Hotline: 800 2378 | Contact CERT-MU: info[at]cert-mu.gov.mu | Report an incident: incident[at]cert-mu.gov.mu | Report vulnerabilities: Vulnerability[at]cert-mu.gov.mu
CERT-MU AD-2012-06

Symantec Endpoint Protection CVE-2011-0550 Cross-Site Scripting Vulnerability

Original issue date: August 10, 2011

Updated: January 16, 2012

Severity Rating: Medium

Overview
A vulnerability has been identified in Symantec Endpoint Protection that can be exploited to cause execution of arbitrary code in the context of the vulnerable site. It can allow remote attackers to steal cookie-based authentication credentials and conduct other attacks. Symantec has released an update to address this vulnerability.

Description

A cross-site scripting and cross-site request forgery vulnerability has been identified in Symantec Endpoint Protection. The vulnerability exists because Symantec Endpoint Protection fails to adequately sanitise user-supplied input. It can allow remote attackers to cause execution of arbitrary code in vulnerable installations of Symantec Endpoint Protection, steal cookie-based authentication credentials and conduct other attacks. Successful exploitation requires user interaction: the user must visit a malicious page or open an infected file. Symantec has released an update to address this vulnerability.

Affected Systems

  • Symantec Endpoint Protection 11.0 RU6 (11.0.600x)
  • Symantec Endpoint Protection 11.0 RU6-MP1 (11.0.6100)
  • Symantec Endpoint Protection 11.0 RU6-MP2 (11.0.6200)
  • Symantec Endpoint Protection 11.0 RU6-MP3 (11.0.6300)

Solution

Users are advised to apply the updates.

More information about the update is available at:

http://www.securityfocus.com/bid/48231/solution

CVE Information

CVE-2011-0550

References

Security Focus

http://www.securityfocus.com/bid/48231/info

Symantec

http://www.symantec.com/security_response/securityupdates


Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information

E-mail:

Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis


 
 