NI3
10-30-2003, 11:35 AM
Secunia Advisory: SA7394
Release Date: 2002-10-25
Last Update: 2003-10-27
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Software: Norton AntiVirus Corporate Edition 7.x
Description:
A vulnerability has been reported in Norton AntiVirus Corporate Edition 7.5 and 7.6, which can be exploited by malicious, local users to escalate privileges.
The problem is that the Norton AntiVirus invokes the Windows Help interface with LocalSystem privileges. This can be exploited to execute arbitrary commands on a system with escalated privileges.
Solution:
Symantec / Norton has released new versions, which are not vulnerable.
7.5.1 Build 62 and later are not vulnerable.
7.6.1 Build 35a and later are not vulnerable.
Reported by / credits:
ERRor
Found: 2 Related Secunia Security Advisories
- Symantec/Norton Anti Virus Denial of Service Vulnerability
- Symantec Norton AntiVirus Fails to Detect Malware on Floppy
Release Date: 2002-10-25
Last Update: 2003-10-27
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Software: Norton AntiVirus Corporate Edition 7.x
Description:
A vulnerability has been reported in Norton AntiVirus Corporate Edition 7.5 and 7.6, which can be exploited by malicious, local users to escalate privileges.
The problem is that the Norton AntiVirus invokes the Windows Help interface with LocalSystem privileges. This can be exploited to execute arbitrary commands on a system with escalated privileges.
Solution:
Symantec / Norton has released new versions, which are not vulnerable.
7.5.1 Build 62 and later are not vulnerable.
7.6.1 Build 35a and later are not vulnerable.
Reported by / credits:
ERRor
Found: 2 Related Secunia Security Advisories
- Symantec/Norton Anti Virus Denial of Service Vulnerability
- Symantec Norton AntiVirus Fails to Detect Malware on Floppy