|
Norton Antivirus Corporate Edition Privilege Escalation |
|
|
|
|
Sunday, 04 September 2005 |
Summary
A security vulnerability in Norton Antivirus allows local attackers to run winhlp32 in context of local system. This would allow them to gain elevated privileges.
Credit:
The information has been provided by 3APA3A, iDEFENSE Labs.
This issue was discovered by ERRor of Domain Hell Team.The original article can be found at: http://www.idefense.com/application/poi/display?id=298&type=vulnerabilities.
The vendor advisory can be found at: http://www.symantec.com/avcenter/security/Content/2005.08.24.html.
Details
Vulnerable systems:
* Norton Antivirus Corporate Edition version 7.60 Build 962
* Norton Antivirus Corporate Edition version 7.5.1 Build 62
* Norton Antivirus Corporate Edition version 7.6.1 Build 35a
* Norton Antivirus Corporate Edition version 9.0.1.1000
Norton Antivirus adds "Scan for Viruses..." item to Explorers context menu. Application launched if this item is selected has local system context. Application has "Help" button which allows starting winhlp32 in context of Local System. Winhlp32 allows user to execute code with credentials of this application.
Vendor response:
According to Symantec reply on the moment this problem was reported to Symantec fix was ready and tested:
This vulnerability has been eliminated in current versions of Symantec Norton Antivirus Corporate Edition, version 7.5.1 Build 62 and later as well as version 7.6.1 Build 35a and later that are available for download.
The vendor has issued a fix for version 9.0.1.1000 that can be found at: https://www-secure.symantec.com/platinum/ and https://fileconnect.symantec.com/licenselogin.jsp
CVE Information:
CAN-2005-2017
Disclosure Timeline:
06/15/2005 Initial vendor notification
06/15/2005 Initial vendor response
08/29/2005 Coordinated public disclosure |