CSV/DDE Injection Vulnerability in Symantec Endpoint Protection for Mac
CVE-2018-12244
6.3MEDIUM
What is CVE-2018-12244?
The version of Symantec Endpoint Protection for Mac prior to 14.2 RU1, including 12.1 RU6 MP9, contains a vulnerability that permits CSV/DDE injection, allowing untrusted input to be introduced into CSV files. This flaw could lead to potential misuse where attackers can exploit the injection to execute arbitrary commands through the use of dynamic data exchange (DDE) within the infected system. Proper input validation measures are essential to mitigate the risks associated with this vulnerability.
Affected Version(s)
Symantec Endpoint Protection (Mac Client) Prior to and including 12.1 RU6 MP9
Symantec Endpoint Protection (Mac Client) Prior to 14.2 RU1