Symantec DLP <=14.0.2 Buffer Overflow (RCE) via Crafted Doc
CVE-2024-23617 Published on January 26, 2024

Symantec Data Loss Prevention Buffer Overflow
A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.

NVD

Vulnerability Analysis

CVE-2024-23617 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2024-23617 has been classified to as a Buffer Overflow vulnerability or weakness.


Products Associated with CVE-2024-23617

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-23617 are published in Broadcom Symantec Data Center Security Server:

Broadcom Symantec Data Center Security Server
 

Affected Versions

Symantec Data Loss Prevention:

Exploit Probability

EPSS
2.38%
Percentile
84.69%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.