Symantec Windows LiveUpdate Local Privilege Escalation Vulnerability

Symantec Windows LiveUpdate is reported prone to a local privilege escalation vulnerability. This issue can allow a local unprivileged attacker to gain administrative privileges on a vulnerable computer.

It is reported that this issue only presents itself during an interactive LiveUpdate session. A local attacker may influence the LiveUpdate GUI Internet options configuration functionality in a manner that grants them elevated privileges.

This issue affects Windows LiveUpdate on computers running retail versions of Symantec products and Symantec AntiVirus for Handhelds Corporate Edition v3.0.


Privacy Statement
Copyright 2010, SecurityFocus