Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Security Alerts and vulnerabilities » Symantec LiveUpdate Vulnerability
Register Calendar Gallery Mark Forums Read

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Reply
 
Thread Tools Display Modes
  #1  
Old 12-14-2004, 07:57 AM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,574
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
Secure Network Operations has reported a vulnerability in Symantec Windows LiveUpdate, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to Symantec Automatic LiveUpdate allowing manipulation of certain Internet options with SYSTEM privileges. This can be exploited via the LiveUpdate GUI during an interactive LiveUpdate session when running the scheduled "NetDetect" task.

Successful exploitation allows execution of arbitrary commands with escalated privileges.

The vulnerability has been reported in LiveUpdate prior to version 2.5.

The following products include LiveUpdate and are affected:
Symantec Norton SystemWorks 2001-2004
Symantec Norton AntiVirus and Pro 2001-2004
Symantec Norton Internet Security and Pro 2001-2004
Symantec AntiVirus for Handhelds Retail and Corporate Edition v3.0

Solution:
Update to Symantec Windows LiveUpdate version 2.5.

This is available via the LiveUpdate functionality or at:
http://www.symantec.com/techsupp/files/lu/lu.html
Reply With Quote
Posted


Reply

« Previous Thread | Next Thread »
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Slowwww Download Speeds hoops_humphrey Spyware / Virus Removal 18 06-16-2005 12:51 AM
eliteuvf32.exe?? AdWare? Alex Spyware / Virus Removal 31 05-17-2005 08:50 PM
Symantec Products Unspecified DNS Cache Poisoning Mobo Security Alerts and vulnerabilities 0 03-16-2005 10:00 PM
Symantec LiveUpdate Mobo Software Update Alerts 0 12-05-2004 07:03 AM
Symantec LiveUpdate "ZIP Bombing" Denial of Se Mobo Security Alerts and vulnerabilities 1 11-12-2004 03:49 PM



All times are GMT -5. The time now is 09:17 PM.

Contact Us - CyberAnswers - Archive - Privacy Statement - Top

Firefox 2