Symantec Endpoint Encryption Unquoted Service Path Local Elevation of Privilege

SUMMARY Symantec Endpoint Encryption SEE has an unquoted search path in EEDService. This could provide a non-privileged local user the ability to successfully insert arbitrary code in the root path. AFFECTED PRODUCTS Symantec Endpoint Encryption --- CVE | Affected Versions | Remediation...

Symantec Endpoint Protection Local Client Application Device Control Buffer Overflow

SUMMARY Symantec is aware of a local access Symantec Endpoint Protection SEP client buffer overflow exploit that has been released publicly which could potentially cause a BSOD on the client or possibly allow unauthorized local privilege elevation on Symantec Endpoint Protection SEP clients...

Symantec Encryption Desktop for OS X World-Writable Files Insecure File Handling

SUMMARY Symantecs Encryption Desktop for OS X installs some temporary files with world-writable attributes during installation. In a multi-user environment, a malicious user could manipulate these world-writable files to read and write files or create files with another users permissions. AFFECTE...

Symantec Web Gateway Security Issues

SUMMARY Symantec Web Gateway SWG 5.2 Appliance management console is susceptible to security issues. Successful exploitation could result in unauthorized command execution on or access to the management console. There is also potential for unauthorized backend database manipulation. AFFECTED...

Symantec Messaging Gateway Management Console Reflected XSS

SUMMARY Symantecs Messaging Gateway management console is susceptible to a reflected cross-site scripting XSS issue found in one of the administrative interface pages. Successful exploitation could result in potential session hijacking or unauthorized actions directed against the console with the...

Symantec Management Platform Agent Static Service Key

SUMMARY The Symantec Management Platform agent and task agent installs a registry service key that is used to retrieve software packages from package servers. The registry key is locally accessible and can potentially be extracted and decrypted by an authorized local user using a static key commo...

Symantec Encryption Desktop Unquoted Search Path

SUMMARY Symantec PGP and Symantec Encryption Desktop client has an unquoted search path in RDDService. This could provide a non-privileged local user the ability to successfully insert arbitrary code in the root path. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symante...

Symantec Workspace Virtualization Local Kernel Elevation of Privilege

SUMMARY Symantec's Workspace Virtualization, when activated/enabled on a client, is susceptible to a local access kernel elevation of privilege. The application fails to do sufficient bounds checking when passing user input to the underlying operating system. This issue could potentially allow an...

Symantec Security Information Manager Console Security Issues

SUMMARY Symantec's Security Information Manager SSIM management console is susceptible to multiple security issues. Successful exploitation could result in potential cookie stealing, session hijacking, unauthorized disclosure of sensitive application information and potential for unauthorized...

Symantec Ghost Solution Suite Memory Corruption

SUMMARY Symantecs Ghost Solution Suite is susceptible to memory corruption issues that could result in an application denial of service or possibly arbitrary code execution. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Ghost Solution Suite | 2.x | Upgrade to the latest...

Symantec Messaging Gateway 9.5 Default SSH Password

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

PGP Universal Server Unauthorized Key Exposure

SUMMARY Symantecs PGP Universal Server, under specific circumstances, may inadvertently expose a PGP clients private key. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- PGP Universal Server | 3.2.x | PGP Universal Server 3.2.1 MP2 ISSUES CVSS2 Base Score | Impact | Exploitability |...

Symantec pcAnywhere awhost32 Denial of Service

SUMMARY A Denial of Service DoS exploit has been publicly released that can temporarily crash the awhost32 service for Symantec pcAnywhere. AFFECTED PRODUCTS Product | Version | Build | Solution ---|---|---|--- | | | Symantec pcAnywhere | 12.5.x | All | Upgrade to the latest release of pcAnywhere...

Multi-Vendor Autonomy Verity Keyview PRZ Reader Filter Overflow

SUMMARY Symantec products that ship with the Verity KeyView Filter have updated the module to address a security issue being reported in the content filter processing of specifically crafted document formats. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail...

Symantec AppStream ActiveX Unauthorized Access

SUMMARY Vulnerabilities were reported in an ActiveX control that Symantecs AppStream 5.2.x Client installs. Exploitation of this issue could possibly lead to unauthorized information disclosure, system information corruption or potentially allow arbitrary code execution in the context of the user...

Symantec Altiris Deployment Solution Local Access Elevation of Privilege in Client GUI

SUMMARY A local access elevation of privilege issue has been identified and resolved in the Symantec Altiris Deployment Solution Client GUI. Successful exploitation could result in unauthorized local system access on a client system. Severity Medium Remote Access adjacent network | No ---|--- Loc...

Symantec Device Driver Local Elevation of Privilege

SUMMARY A Gear Software device driver distributed with several Symantec products contains a flaw which, if successfully exploited, could allow a local elevation of privilege. Risk Impact Medium Remote Access adjacent network | No ---|--- Local Access | Yes Authentication Required | Yes Exploit...

macnav-escalate.txt

Text from URL: http://blog.carrel.org/2007/11/security-advisory-norton-antivirus-for.html == Synopsis == Symantec's Norton AntiVirus for Macintosh NAV contains a vulnerability that can lead to local privilege escalation from group admin to root the super-user without any of the usual password...

Altiris Deployment Solution Directory Traversal

SUMMARY Symantecs Altiris Deployment Solution is vulnerable to an elevation of privilege attack. Risk Impact Medium Remote Access | Yes ---|--- Local Access | Yes Authentication Required | Yes Exploit available | No AFFECTED PRODUCTS Affected Products Product | Version | Build | Solution...

Symantec SYMTDI.SYS Device Driver Local Denial of Service

SUMMARY Some versions of Symantecs device driver SYMTDI.SYS contain a vulnerability which, if successfully exploited, could allow a local attacker to cause the system to crash. Risk Impact Low Remote Access | No ---|--- Local Access | Yes Authentication Required | Yes, to the local system Exploit...