The host is installed with Symantec Enterprise Security Manager (ESM) before 11.0 and is prone to multiple unquoted Windows search path vulnerabilities. The flaws are present in the application, which fails to properly handle memory. Successful exploitation allows an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.