CVE-2024-23617 | THREATINT

Description

A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.

PUBLISHED Reserved 2024-01-18 | Published 2024-01-25 | Updated 2024-10-18 | Assigner XI

CRITICAL: 9.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3AV:N/AC:M/Au:N/C:C/I:C/A:C

Problem types

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Product status

Default status

unaffected

12.0 (semver)

affected

Credits

Exodus Intelligence finder

References

blog.exodusintel.com/...ffer-overflow-remote-code-execution/ third-party-advisory

cve.org (CVE-2024-23617)

nvd.nist.gov (CVE-2024-23617)

help @ threatint.eu