CVE-2018-18366

Summary

Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.7002 and SEP Cloud prior to 22.16.3 may be susceptible to a kernel memory disclosure, which is a type of issue where a specially crafted IRP request can cause the driver to return uninitialized memory.

Affected Software

VendorProductVersion RangeStatus
Symantec CorporationNorton SecurityPrior to 22.16.3affected
Symantec CorporationSEP (Windows client)Prior to and including 12.1 RU6 MP9affected
Symantec CorporationSEP (Windows client)Prior to 14.2 RU1affected
Symantec CorporationSEP SBEPrior to Cloud Agent 3.00.31.2817affected
Symantec CorporationSEP SBENIS-22.15.2.22affected
Symantec CorporationSEP SBESEP-12.1.7484.7002affected
Symantec CorporationSEP CloudPrior to 22.16.3affected

Weaknesses

  • Kernel memory disclosure

ADP Enrichment

CVE Program Container

Additional References

References