OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: Thu Oct 24 2002 - 05:39:59 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Dear Bugtraq,

      Product: Norton Antivirus Corporate Edition (Final 7.60.962)
      Vendor: Symantec
      Type: Local
      Risk: High (system privileges)
      Discovered: ERRor <errorpochtamt.ru> of Domain HELL Team

      Description:

      Norton Antivirus allows to run winhlp32 in context of local system.

      Details:

      Norton Antivirus adds "Scan for Viruses..." item to Explorer's context
      menu. Application launched if this item is selected has local system
      context. Application has "Help" button which allows to start winhlp32
      in context of Local System. winhlp32 allows user to execute code with
      credentials of this application.

      Vendor:

      According to Symantec reply on the moment this problem was reported to
      Symantec fix was ready and tested:

      This vulnerability has been eliminated in current versions of Symantec
      Norton AntiVirus Corporate Edition, version 7.5.1 Build 62 and later
      as well as version 7.6.1 Build 35a and later that are available for
      download.

      Credits:

      This issue was discovered by ERRor of Domain Hell Team.
      

    -- 
    http://www.security.nnov.ru
             /\_/\
            { , . }     |\
    +--oQQo->{ ^ }<-----+ \
    |  ZARAZA  U  3APA3A   }
    +-------------o66o--+ /
                        |/
    You know my name - look up my number (The Beatles)