Symantec Security Advisory: Symantec AntiVirus Corporate Edition Sep 18 2006 07:18PM
secure symantec com


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Symantec AntiVirus and Symantec Client Security Elevation of Privilege

September 13, 2006

Overview

An elevation of privilege vulnerability in Symantec Client Security and

Symantec AntiVirus Corporate Edition could potentially allow a local

attacker to execute code with elevated privileges on the target machine.

Affected Products

Symantec AntiVirus Corporate Edition versions 10.0, 9.x, and 8.1

Symantec Client Security versions 3.0, 2.x, 1.x

Unaffected Products

Symantec AntiVirus Corporate Edition version 10.1

Symantec Client Security version 3.1

Norton product line

Details

Deral Heiland of Layered Defense notified Symantec of a format string

vulnerability within Symantec AntiVirus Corporate Edition. If successfully

exploited, the vulnerability could allow a local attacker to execute code

with elevated privileges on the local system.

In addition, Symantec engineers found a second format string vulnerability

in the alert notification process. This issue could allow a local user to

replace the alert notification message with a format string which could

cause potentially cause the Real Time Virus Scan service to crash when the

notification message is displayed following the detection of a malicious

file.

Symantec Response

Symantec engineers have verified that these vulnerabilities exist in the

product versions indicated, and have provided updates to address the issue.

Please refer to our advisory for any updates on this vulnerablity:

http://www.symantec.com/avcenter/security/Content/2006.09.13.html

Symantec Product Security

-----BEGIN PGP SIGNATURE-----

Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRQ7x2By6+gFWHby+AQi3hwgAjJSJH5kmtrR/tknJQPetijsTPdjnOzr9

RckwDTCd4BQQfWgU4SBO6rerdhooEFQ0O2Th2VQ8kvaeuIf09wcrkOQB2x6IDdaQ

PXXdSsXsntQo/lzOLxxqQZplYaNPLCfk4NNsvpIHRVgsHLRYJF0CrD2vT6HF35OM

X864YzovNFT7Q0qTo0vmqxG58q+STXrR/+R3slKj6gj8xNsk3QMHU+Z7goOz9mKZ

VahzH55qc83/Id1rzk01omrt3L25V+lDLoHT7QCnGNdjJkcygLluN/jPedqQiWfr

a23G2k7bku1syK8zXq9o5OyyC9B+Th8C7pB9JmAUMC2dCZqmSbHFkg==

=aga/

-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus