
Symantec Security Advisory: Symantec AntiVirus Corporate Edition




Symantec AntiVirus and Symantec Client Security Elevation of Privilege
September 13, 2006

Overview
An elevation of privilege vulnerability in Symantec Client Security and
Symantec AntiVirus Corporate Edition could potentially allow a local
attacker to execute code with elevated privileges on the target machine. 

Affected Products
Symantec AntiVirus Corporate Edition versions 10.0, 9.x, and 8.1 
Symantec Client Security versions 3.0, 2.x, 1.x

Unaffected Products
Symantec AntiVirus Corporate Edition version 10.1 
Symantec Client Security version 3.1
Norton product line 

Details
Deral Heiland of Layered Defense notified Symantec of a format string
vulnerability within Symantec AntiVirus Corporate Edition.  If successfully
exploited, the vulnerability could allow a local attacker to execute code
with elevated privileges on the local system. 

In addition, Symantec engineers found a second format string vulnerability
in the alert notification process.  This issue could allow a local user to
replace the alert notification message with a format string which could
potentially cause the Real Time Virus Scan service to crash when the
notification message is displayed following the detection of a malicious
file.


Symantec Response

Symantec engineers have verified that these vulnerabilities exist in the
product versions indicated, and have provided updates to address the issue.
 

Please refer to our advisory for any updates on this vulnerability:
http://www.symantec.com/avcenter/security/Content/2006.09.13.html

Symantec Product Security

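The second issue in the Details section turns on a user-editable notification message being interpreted as a format string. As an added illustration (not Symantec's code and not part of the original advisory), this C example renders such a message purely as data; the [FILE]/[THREAT] tokens, the function names and the sample values are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical placeholder tokens; not taken from any Symantec product. */
struct alert_field { const char *token; const char *value; };

/* Unsafe pattern (the bug class named in the advisory), shown only here:
 *     snprintf(out, n, user_template);      template used as the format
 * Safe pattern below: the template is scanned as data and never reaches a
 * printf-family function as its format argument. */
int render_alert(char *out, size_t n, const char *tmpl,
                 const struct alert_field *f, size_t nf)
{
    size_t used = 0;
    if (n == 0) return -1;
    while (*tmpl) {
        const char *piece = tmpl;          /* default: copy one literal byte */
        size_t len = 1, adv = 1;
        for (size_t i = 0; i < nf; i++) {
            size_t tl = strlen(f[i].token);
            if (tl && strncmp(tmpl, f[i].token, tl) == 0) {
                piece = f[i].value; len = strlen(piece); adv = tl;
                break;
            }
        }
        if (len >= n - used) { out[used] = '\0'; return -1; } /* no room */
        memcpy(out + used, piece, len);
        used += len;
        tmpl += adv;
    }
    out[used] = '\0';
    return (int)used;
}

/* Audit helper: flags a stored template containing '%' so that edited
 * notification messages can be reviewed. */
int contains_percent(const char *tmpl) { return strchr(tmpl, '%') != NULL; }

int main(void)
{
    /* Constructed sample input. */
    const struct alert_field f[] = { {"[FILE]", "sample.bin"}, {"[THREAT]", "Test.Threat"} };
    char buf[128];
    if (render_alert(buf, sizeof buf, "Found [THREAT] in [FILE] %s%n", f, 2) >= 0)
        puts(buf);   /* conversion specifiers come out as literal text */
    return 0;
}
```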