Unrated severityNVD Advisory· Published Aug 6, 2014· Updated May 6, 2026

CVE-2014-3434

Description

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.

Affected products

Symantec/Endpoint Protection3 versions
cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection:12.0:-:small_business:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection:12.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/34272nvdExploit
www.securityfocus.com/bid/68946nvdExploit
www.symantec.com/security_response/securityupdates/detail.jspnvdVendor Advisory
www.kb.cert.org/vuls/id/252068nvdUS Government Resource
packetstormsecurity.com/files/127772/Symantec-Endpoint-Protection-11.x-12.x-Kernel-Pool-Overflow.htmlnvd
secunia.com/advisories/58996nvd
secunia.com/advisories/59697nvd
www.osvdb.org/109663nvd
exchange.xforce.ibmcloud.com/vulnerabilities/95062nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000