[NT] Norton Antivirus Corporate Edition Privilege Escalation
From: support@securiteam.comDate: 10/25/02
- Previous message: support@securiteam.com: "[UNIX] XSS Vulnerability in Mojo Mail Sign-Up Form"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: 25 Oct 2002 15:14:34 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Norton Antivirus Corporate Edition Privilege Escalation
------------------------------------------------------------------------
SUMMARY
A security vulnerability in Norton Antivirus allows local attackers to run
winhlp32 in context of local system. This would allow them to gain
elevated privileges.
DETAILS
Vulnerable systems:
* Norton Antivirus Corporate Edition version 7.60 Build 962
* Norton Antivirus Corporate Edition version 7.5.1 Build 62
* Norton Antivirus Corporate Edition version 7.6.1 Build 35a
Norton Antivirus adds "Scan for Viruses..." item to Explorer's context
menu. Application launched if this item is selected has local system
context. Application has "Help" button which allows starting winhlp32 in
context of Local System. Winhlp32 allows user to execute code with
credentials of this application.
Vendor response:
According to Symantec reply on the moment this problem was reported to
Symantec fix was ready and tested:
This vulnerability has been eliminated in current versions of Symantec
Norton Antivirus Corporate Edition, version 7.5.1 Build 62 and later as
well as version 7.6.1 Build 35a and later that are available for download.
ADDITIONAL INFORMATION
The information has been provided by <mailto:3APA3A@SECURITY.NNOV.RU>
3APA3A.
This issue was discovered by ERRor of Domain Hell Team.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] XSS Vulnerability in Mojo Mail Sign-Up Form"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- Re: SceCli Event ID 1202 error - Local System
... Ihave 3 different domains with default configuration and also with high security configuration
for the DC's. ... But on NONE of them is local system added to the "Create a token object"
user right. ... getting the above error about the Local System account. ... (microsoft.public.windows.server.active_directory) - Re: SMS 20003 Install
... simple to change the security mode to advanced. ... > know how to run tasks
as local system. ... > local system and launch any troubleshooting tasks from
this window then ... > Would that make troubleshooting advanced security easier, ...
(microsoft.public.sms.setup) - [NT] Symantec Device Driver Elevation of Privilege
... Get your security news from a reliable source. ... Symantec Device Driver
Elevation of Privilege ... Symantec AntiVirus Corporate Edition version 9.0.3 and earlier
... (Securiteam) - Re: Any non secure alternative to WMI?
... kind of security in place otherwise any hacker could hack any system. ...
On a local system, there are also different levels of user access (e.g. ... (microsoft.public.win32.programmer.wmi) - Re: How to write Events into the security log
... write events into the securitylog for local and remote systems. ... events into
the security log of local and remote systems. ... >> events into the security log
for local system having administrator ... (microsoft.public.platformsdk.security)
