Cisco Talos is disclosing an information leak vulnerability in the ccSetx86.sys kernel driver of Symantec Endpoint Protection Small Business Edition. The vulnerability exists in the drivers control message handler. An attacker can send specially crafted requests to cause the driver to return uninitialized chunks of kernel memory, potentially leaking sensitive information. An unprivileged user can run a program from user mode to trigger this vulnerability. The default access control for the device allows any user on the system to send IOCTL requests to the driver.”]
Source: https://blog.talosintelligence.com/2019/04/vulnerability-spotlight-symantec.html