File Metadata Vulnerability in Symantec Endpoint Protection
CVE-2016-9094
7.8HIGH
What is CVE-2016-9094?
In Symantec Endpoint Protection, a vulnerability exists that allows exported quarantine logs to contain file metadata that may be interpreted as formulas by applications like spreadsheets. This issue can be exploited by an attacker who convinces a user to export and open log files, potentially leading to unintended actions or the execution of arbitrary code. The vulnerability affects versions prior to 14.0 MP1 and 12.1 RU6 MP7, where such a flaw exists during the log review process.
Affected Version(s)
Endpoint Protection Prior to SEP 14.0 MP1 & SEP 12.1 RU6 MP7