Lucene search

MitreCVE-2012-0305

HistoryJul 23, 2012 - 5:55 p.m.

CVE-2012-0305

2012-07-2317:55:03

mitre

web.nvd.nist.gov

cve-2012-0305

untrusted search path

symantec system recovery

backup exec system recovery

local privilege escalation

vulnerability

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

Percentile

9.5%

JSON

Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

Affected configurations

Nvd

Node

symantecbackupexec_system_recoveryMatch2010

symantecbackupexec_system_recoveryMatch2011

symantecsystem_recoveryMatch2011

VendorProductVersionCPE
symantecbackupexec_system_recovery2010cpe:2.3:a:symantec:backupexec_system_recovery:2010:*:*:*:*:*:*:*
symantecbackupexec_system_recovery2011cpe:2.3:a:symantec:backupexec_system_recovery:2011:*:*:*:*:*:*:*
symantecsystem_recovery2011cpe:2.3:a:symantec:system_recovery:2011:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	backupexec_system_recovery	2010	cpe:2.3:a:symantec:backupexec_system_recovery:2010:::::::*
symantec	backupexec_system_recovery	2011	cpe:2.3:a:symantec:backupexec_system_recovery:2011:::::::*
symantec	system_recovery	2011	cpe:2.3:a:symantec:system_recovery:2011:::::::*

References

www.securityfocus.com/bid/54594

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_01

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for CVE-2012-0305