DH team: Norton Antivirus Corporate Edition Privilege Escalation

2002-10-24T00:00:00
ID SECURITYVULNS:DOC:3675
Type securityvulns
Reporter Securityvulns
Modified 2002-10-24T00:00:00

Description

Dear Bugtraq,

Product: Norton Antivirus Corporate Edition (Final 7.60.962) Vendor: Symantec Type: Local Risk: High (system privileges) Discovered: ERRor <error@pochtamt.ru> of Domain HELL Team

Description:

Norton Antivirus allows to run winhlp32 in context of local system.

Details:

Norton Antivirus adds "Scan for Viruses..." item to Explorer's context menu. Application launched if this item is selected has local system context. Application has "Help" button which allows to start winhlp32 in context of Local System. winhlp32 allows user to execute code with credentials of this application.

Vendor:

According to Symantec reply on the moment this problem was reported to Symantec fix was ready and tested:

This vulnerability has been eliminated in current versions of Symantec Norton AntiVirus Corporate Edition, version 7.5.1 Build 62 and later as well as version 7.6.1 Build 35a and later that are available for download.

Credits:

This issue was discovered by ERRor of Domain Hell Team.

-- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } +-------------o66o--+ / |/ You know my name - look up my number (The Beatles)