Symantec Multiple Product Real-time Scanner (RTVScan) Notification Message Local Privilege Escalation

2007-07-11T18:37:47
ID OSVDB:36116
Type osvdb
Reporter OSVDB
Modified 2007-07-11T18:37:47

Description

Vulnerability Description

Multiple Symantec security products contain a flaw that may allow a local user to gain privileges. The issue is due to the Real-time Scanner (RTVScan) notification message window not properly handling user-supplied input. By passing crafted code to the program, a local attacker may be able to execute arbitrary code with increased privileges.

Short Description

Multiple Symantec security products contain a flaw that may allow a local user to gain privileges. The issue is due to the Real-time Scanner (RTVScan) notification message window not properly handling user-supplied input. By passing crafted code to the program, a local attacker may be able to execute arbitrary code with increased privileges.

References:

Vendor Specific News/Changelog Entry: http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html Secunia Advisory ID:26054 FrSIRT Advisory: ADV-2007-2506 CVE-2007-3800 Bugtraq ID: 24810