CVE-2019-12750: Symantec Endpoint Protection Local Privilege Escalation

CVE: CVE-2019-12750
Vendor: Symantec
Product: Symantec Endpoint Protection
Reported by: Kyriakos Economou (@kyREcon)
Affected Products: SEP v14.x < 14.2 (RU1), SEP v12.x < 12.1 (RU6 MP10), SEP-SBE v12.x < 12.1 (RU6 MP10c)

Advisory
While handling specific requests, the ‘SysPlant.sys’ kernel driver contains a programming mistake that allows an attacker to leak and corrupt kernel-mode data. Successful exploitation of this issue leads to local privilege escalation (LPE) to the SYSTEM user.

References
Symantec Advisory
Nettitude – Exploitation Write-up Part #1 (PDF)
Nettitude – Exploitation Write-up Part #2 (PDF)
