The host is installed with Symantec Endpoint Protection Client before 12.1 RU6 MP5 and is prone to a CAB decompression memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted CAB file that is mishandled during decompression. Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption).