|
|
|
|
| |
Credit:
The original article can be found at: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2017
The original article can be found at: http://www.securityfocus.com/bid/14524
|
| |
Vulnerable Systems:
* Symantec Client Security 2.0.2 MR2 b9.0.2.1000
* Symantec Client Security 2.0.1 MR1 b9.0.1.1000
* Symantec Client Security 2.0 STM build 9.0.0.338
* Symantec Client Security 2.0 (SCF 7.1)
* Symantec Client Security 2.0 (SCF 7.1)
* Symantec Client Security 2.0
* Symantec AntiVirus Corporate Edition 9.0.2 .1000
* Symantec AntiVirus Corporate Edition 9.0.1 .1.1000
* Symantec AntiVirus Corporate Edition 9.0 .0.338
* Symantec AntiVirus Corporate Edition 9.0
Symantec AntiVirus Corporate Edition is susceptible to a local privilege escalation vulnerability. This issue is due to a failure of the application to properly lower the privileges of the running process when required.
Due to the nature of the affected application, it executes with SYSTEM privileges. When a local user opens the HTML help browser from the affected application, it is executed with the same elevated privileges as the calling application.
This vulnerability allows local attackers to access and execute arbitrary files with SYSTEM privileges, facilitating the compromise of the local computer.
Vendor Status:
Symantec as issued an update for this vulnerablity
Patch Availability:
http://www.symantec.com/avcenter/security/Content/2005.08.24.html
CVE Information:
CVE-2005-2017
|
|
|
|
|
