The host is installed with Symantec Endpoint Protection (SEP) Client 12.1 before 12.1 RU6 MP10 or 14.x before 14.2 and is prone to a AV bypass vulnerability. A flaw is present in the application, which fails to handle an unknown code block of the component detection engine. Successful exploitation could allow attackers to bypass the antivirus and alter the file being scanned so it is not detected.