CVE-2012-4350

{"id": "CVE-2012-4350", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-12-18T20:55:01.260", "references": [{"url": "http://www.securityfocus.com/bid/56915", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1027874", "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121213_00", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades en ruta de b\u00fasqueda en Windows en los componentes (1) Manager y (2) Agent en Symantec Enterprise Security Manager (ESM) antes de v11.0, permite a usuarios locales ganar privilegios a trav\u00e9s de vectores no especificados."}], "lastModified": "2013-03-14T03:10:17.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:enterprise_security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "139DC390-948B-401F-B958-455B8B31E5F9", "versionEndIncluding": "10.0"}, {"criteria": "cpe:2.3:a:symantec:enterprise_security_manager:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7D3219F-1AC4-4ED6-ACE0-CB33A104F484"}, {"criteria": "cpe:2.3:a:symantec:enterprise_security_manager:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5296D33B-5F71-4DE3-B5CD-9328F091CEA9"}, {"criteria": "cpe:2.3:a:symantec:enterprise_security_manager:6.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B1CD675-463B-42DA-B0D9-0C09C33A7BEA"}, {"criteria": "cpe:2.3:a:symantec:enterprise_security_manager:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D5C43D9-37D5-4981-87EF-BE7FAB2D1531"}, {"criteria": "cpe:2.3:a:symantec:enterprise_security_manager:6.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BC1C6DE-0C86-4A16-A432-3AB93AC1A754"}, {"criteria": "cpe:2.3:a:symantec:enterprise_security_manager:6.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7082C313-6747-4A49-B137-0CE2CB3ADB4F"}, {"criteria": "cpe:2.3:a:symantec:enterprise_security_manager:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA255472-FE79-4395-A2CD-F527168CBDE0"}, {"criteria": "cpe:2.3:a:symantec:enterprise_security_manager:9.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "638FEDA4-7C80-46A9-83C0-E03D61AF6B1D"}], "operator": "OR"}]}], "evaluatorComment": "Per http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'", "sourceIdentifier": "cve@mitre.org"}