Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14316
HistorySep 19, 2006 - 12:00 a.m.

Symantec Security Advisory: Symantec AntiVirus Corporate Edition

2006-09-1900:00:00
vulners.com
11
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Symantec AntiVirus and Symantec Client Security Elevation of Privilege
September 13, 2006

Overview
An elevation of privilege vulnerability in Symantec Client Security and
Symantec AntiVirus Corporate Edition could potentially allow a local
attacker to execute code with elevated privileges on the target machine.

Affected Products
Symantec AntiVirus Corporate Edition versions 10.0, 9.x, and 8.1
Symantec Client Security versions 3.0, 2.x, 1.x

Unaffected Products
Symantec AntiVirus Corporate Edition version 10.1
Symantec Client Security version 3.1
Norton product line

Details
Deral Heiland of Layered Defense notified Symantec of a format string
vulnerability within Symantec AntiVirus Corporate Edition. If successfully
exploited, the vulnerability could allow a local attacker to execute code
with elevated privileges on the local system.

In addition, Symantec engineers found a second format string vulnerability
in the alert notification process. This issue could allow a local user to
replace the alert notification message with a format string which could
cause potentially cause the Real Time Virus Scan service to crash when the
notification message is displayed following the detection of a malicious
file.

Symantec Response

Symantec engineers have verified that these vulnerabilities exist in the
product versions indicated, and have provided updates to address the issue.

Please refer to our advisory for any updates on this vulnerablity:
http://www.symantec.com/avcenter/security/Content/2006.09.13.html

Symantec Product Security

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRQ7x2By6+gFWHby+AQi3hwgAjJSJH5kmtrR/tknJQPetijsTPdjnOzr9
RckwDTCd4BQQfWgU4SBO6rerdhooEFQ0O2Th2VQ8kvaeuIf09wcrkOQB2x6IDdaQ
PXXdSsXsntQo/lzOLxxqQZplYaNPLCfk4NNsvpIHRVgsHLRYJF0CrD2vT6HF35OM
X864YzovNFT7Q0qTo0vmqxG58q+STXrR/+R3slKj6gj8xNsk3QMHU+Z7goOz9mKZ
VahzH55qc83/Id1rzk01omrt3L25V+lDLoHT7QCnGNdjJkcygLluN/jPedqQiWfr
a23G2k7bku1syK8zXq9o5OyyC9B+Th8C7pB9JmAUMC2dCZqmSbHFkg==
=aga/
-----END PGP SIGNATURE-----

JSON