* Technical Description *
A vulnerability was identified in Symantec AntiVirus Corporate and Symantec Client Security, which could be exploited by local attackers to obtain elevated privileges. This flaw is due to an error in the HTML help interface that assumes permissions from the Symantec AntiVirus Corporate Edition privileged access, rather than retaining the more restrictive user privileges assigned to a non-privileged logged-in user, which may be exploited by malicious users to gain the ability to browse all system files or execute local applications and programs with "SYSTEM" privilege.
* Affected Products *
Symantec AntiVirus Corporate Edition version 9.0
Symantec AntiVirus Corporate Edition version 9.0.1
Symantec AntiVirus Corporate Edition version 9.0.2
Symantec Client Security version 2.0
Symantec Client Security version 2.0.1
Symantec Client Security version 2.0.2
* Solution *
Upgrade to MR3 or later through the Platinum Support Web Site or FileConnect.
* References *
http://www.frsirt.com/english/advisories/2005/1523http://securityresponse.symantec.com/avcenter/security/Content/2005.08.24.html
AlphaOne Technology Support Forums
Author
Logged
