In association with heise online

14 September 2006, 12:34

Privilege elevation in Symantec's Corporate Antivirus

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec's anti-virus solution for corporate networks allows local users to elevate their privileges. The company has released updates to close the holes.

The affected Symantec products allow users to adapt error messages produced by what is known as Tamper Protection. The same is true for the messages provided by the "Alert Notification." Yet the software does not validate user input; an exploitation of this format string vulnerability could allow users to execute code with root rights.

The error is present in Symantec AntiVirus Corporate Edition 8.1, 9.x and 10.0 as well as Symantec Client Security 1.x, 2.x and 3.0. Symantec's security advisory provides links to updates that administrators should install as soon as possible.

Please see also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit