Symantec's Endpoint Protection product has three zero-day flaws that could allow a logged-in user to move to a higher access level on a computer, according to a penetration testing and training company. The three flaws, all known as privilege escalation vulnerabilities, were found during a security test of a financial services company, said Mati Aharoni, lead trainer and developer for Offensive Security, in a phone interview late Tuesday.