Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: b06-4777.htm

Symantec Security Advisory: Symantec AntiVirus Corporate Edition



Symantec Security Advisory: Symantec AntiVirus Corporate Edition
Symantec Security Advisory: Symantec AntiVirus Corporate Edition



=0D
-----BEGIN PGP SIGNED MESSAGE-----=0D
Hash: SHA256=0D
=0D
Symantec AntiVirus and Symantec Client Security Elevation of Privilege=0D
September 13, 2006=0D
=0D
Overview=0D
An elevation of privilege vulnerability in Symantec Client Security and=0D
Symantec AntiVirus Corporate Edition could potentially allow a local=0D
attacker to execute code with elevated privileges on the target machine. =0D
=0D
Affected Products=0D
Symantec AntiVirus Corporate Edition versions 10.0, 9.x, and 8.1 =0D
Symantec Client Security versions 3.0, 2.x, 1.x=0D
=0D
Unaffected Products=0D
Symantec AntiVirus Corporate Edition version 10.1 =0D
Symantec Client Security version 3.1=0D
Norton product line =0D
=0D
Details=0D
Deral Heiland of Layered Defense notified Symantec of a format string=0D
vulnerability within Symantec AntiVirus Corporate Edition.  If successfully=0D
exploited, the vulnerability could allow a local attacker to execute code=0D
with elevated privileges on the local system. =0D
=0D
In addition, Symantec engineers found a second format string vulnerability=0D
in the alert notification process.  This issue could allow a local user to=0D
replace the alert notification message with a format string which could=0D
cause potentially cause the Real Time Virus Scan service to crash when the=0D
notification message is displayed following the detection of a malicious=0D
file.  =0D
=0D
=0D
Symantec Response=0D
=0D
Symantec engineers have verified that these vulnerabilities exist in the=0D
product versions indicated, and have provided updates to address the issue.=0D
 =0D
=0D
Please refer to our advisory for any updates on this vulnerablity:=0D
http://www.symantec.com/avcenter/security/Content/2006.09.13.html=0D 
=0D
Symantec Product Security=0D
=0D
-----BEGIN PGP SIGNATURE-----=0D
Version: PGP Desktop 9.0.6 (Build 6060)=0D
=0D
iQEVAwUBRQ7x2By6+gFWHby+AQi3hwgAjJSJH5kmtrR/tknJQPetijsTPdjnOzr9=0D
RckwDTCd4BQQfWgU4SBO6rerdhooEFQ0O2Th2VQ8kvaeuIf09wcrkOQB2x6IDdaQ=0D
PXXdSsXsntQo/lzOLxxqQZplYaNPLCfk4NNsvpIHRVgsHLRYJF0CrD2vT6HF35OM=0D
X864YzovNFT7Q0qTo0vmqxG58q+STXrR/+R3slKj6gj8xNsk3QMHU+Z7goOz9mKZ=0D
VahzH55qc83/Id1rzk01omrt3L25V+lDLoHT7QCnGNdjJkcygLluN/jPedqQiWfr=0D
a23G2k7bku1syK8zXq9o5OyyC9B+Th8C7pB9JmAUMC2dCZqmSbHFkg===0D
=aga/=0D
-----END PGP SIGNATURE-----=0D
=0D
=0D
=0D


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH