Product: Symantec Endpoint Protection
Reported by: Kyriakos Economou (@kyREcon)
Affected Products: SEP v14.x < 14.2 (RU1), SEP v12x < 12.1 (RU6 MP10), SEP-SBE v12.x < 12.1 (RU6 MP10c)
During the handling of specific requests by ‘SysPlant.sys’ kernel driver, a programming mistake allows an attacker to leak and corrupt kernel mode data. Successfully exploiting this issue leads to LPE as SYSTEM user.