Blog

/

Symantec Endpoint Protection 0day

Symantec Endpoint Protection: Privilege Escalation
Exploit Development

Jul 29, 2014

Symantec Endpoint Protection 0day

In a recent engagement, we had the opportunity to audit a leading Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.

OffSec Team OffSec Team

1 min read

Author: Matteo Memelli

Symantec Endpoint Protection Vulnerability

In a recent engagement, we had the opportunity to audit the Symantec Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others have been scheduled for review during our upcoming AWE course at Black Hat 2014, Las Vegas. Ironically, the same software that was meant to protect the organization under review was the reason for its compromise.

We’ll be publishing the code for this privilege escalation exploit in the next few days. In the meantime, you can check out our demo video of the exploitation process – best viewed in full screen.

More shameless Kali Dojo plugs

If you’re attending the Black Hat, Brucon or Derbycon 2014 conferences, don’t forget to come by our free Kali Dojo Workshops for some serious Kali Linux fu. See you there!

Stay in the know: Become an OffSec Insider

Stay in the know: Become an OffSec Insider

Get the latest updates about resources, events & promotions from OffSec!

Latest from OffSec

Research & Tutorials

CVE-2025-24893 – Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro

An RCE vulnerability in XWiki was found allowing unauthenticated attackers to execute arbitrary Groovy code remotely without authentication or prior access.

Jun 5, 2025

2 min read

Insights

OffSec’s Take on the Global Generative AI Adoption Index

Discover OffSec’s take on the latest Global Generative AI Adoption Index report released by AWS.

May 30, 2025

3 min read

Research & Tutorials

CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom Filters

A critical remote code execution (RCE) vulnerability in the D-Tale data visualization tool was identified which allowed attackers to execute arbitrary system exams, abusing an exposed API endpoint.

May 29, 2025

2 min read
View all blogs