Symantec LiveUpdate Administrator < 2.3.2 Privilege Escalation (SYM12-009)

The version of LiveUpdate Administrator running on the remote host is earlier than 2.3.2. Such versions have a privilege escalation vulnerability due to insecure file permissions set by a default installation. The webapps directory allows write access to the Everyone group. A local, unprivileged...

Symantec LiveUpdate Administrator不安全文件权限本地特权提升漏洞

Bugtraq ID: 53903 CVE ID:CVE-2012-0304 Symantec LiveUpdate是Symantec用于自动更新Symantec病毒定义和产品的技术。 Symantec LiveUpdate Administrator不正确设置部分文件权限，本地攻击者可以利用漏洞删除操作和替换应用程序文件，可导致权限提升。 0 Symantec LiveUpdate Administrator 2.3 Symantec LiveUpdate Administrator 2.2.2.9 厂商补丁： Symantec ----------- Symantec...

CVE-2012-0304

Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions Everyone: Full Control for the installation directory, which allows local users to gain privileges via a Trojan horse file...

CVE-2012-0304

The CVE-2012-0304 entry concerns Symantec LiveUpdate Administrator prior to 2.3.1. The installation directory was configured with weak permissions (Everyone: Full Control), enabling a local unprivileged user to replace or modify files that can be executed with SYSTEM privileges via a Trojan horse...