Home page logo
/

bugtraq logo Bugtraq mailing list archives

DH team: Norton Antivirus Corporate Edition Privilege Escalation
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 24 Oct 2002 14:39:59 +0400

Dear Bugtraq,

  Product: Norton Antivirus Corporate Edition (Final 7.60.962)
  Vendor: Symantec
  Type: Local
  Risk: High (system privileges)
  Discovered: ERRor <error () pochtamt ru> of Domain HELL Team

  Description:

  Norton Antivirus allows to run winhlp32 in context of local system.

  Details:

  Norton Antivirus adds "Scan for Viruses..." item to Explorer's context
  menu.  Application  launched if this item is selected has local system
  context.  Application has "Help" button which allows to start winhlp32
  in  context of Local System. winhlp32 allows user to execute code with
  credentials of this application.

  Vendor:

  According to Symantec reply on the moment this problem was reported to
  Symantec fix was ready and tested:

  This vulnerability has been eliminated in current versions of Symantec
  Norton  AntiVirus  Corporate Edition, version 7.5.1 Build 62 and later
  as  well  as  version 7.6.1 Build 35a and later that are available for
  download.

  Credits:

  This issue was discovered by ERRor of Domain Hell Team.
  




-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)


  By Date           By Thread  

Current thread:
  • DH team: Norton Antivirus Corporate Edition Privilege Escalation 3APA3A (Oct 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]