----- Original Message ----- From: "Secunia Security Advisories" <[EMAIL PROTECTED]>
TITLE: Symantec Windows LiveUpdate NetDetect Privilege Escalation SECUNIA ADVISORY ID: SA13445 VERIFY ADVISORY: http://secunia.com/advisories/13445/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Norton AntiVirus 2002 http://secunia.com/product/846/ Norton AntiVirus 2001 http://secunia.com/product/221/ Norton Internet Security 2001 http://secunia.com/product/2802/ Norton Internet Security 2002 http://secunia.com/product/2801/ Norton Internet Security 2003 http://secunia.com/product/969/ Norton Internet Security 2003 Professional http://secunia.com/product/970/ Norton Internet Security 2004 http://secunia.com/product/2441/ Norton Internet Security 2004 Professional http://secunia.com/product/2442/ Norton SystemWorks 2001 http://secunia.com/product/2799/ Norton SystemWorks 2002 http://secunia.com/product/2798/ Norton SystemWorks 2003 http://secunia.com/product/2797/ Norton SystemWorks 2004 http://secunia.com/product/2796/ Symantec AntiVirus for Handhelds 3.x http://secunia.com/product/2803/ Symantec Norton AntiVirus 2003 http://secunia.com/product/175/ Symantec Norton AntiVirus 2004 http://secunia.com/product/2800/ Symantec Windows LiveUpdate 1.x http://secunia.com/product/2794/ Symantec Windows LiveUpdate 2.x http://secunia.com/product/2795/ DESCRIPTION: Secure Network Operations has reported a vulnerability in Symantec Windows LiveUpdate, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to Symantec Automatic LiveUpdate allowing manipulation of certain Internet options with SYSTEM privileges. This can be exploited via the LiveUpdate GUI during an interactive LiveUpdate session when running the scheduled "NetDetect" task. Successful exploitation allows execution of arbitrary commands with escalated privileges. The vulnerability has been reported in LiveUpdate prior to version 2.5. The following products include LiveUpdate and are affected: Symantec Norton SystemWorks 2001-2004 Symantec Norton AntiVirus and Pro 2001-2004 Symantec Norton Internet Security and Pro 2001-2004 Symantec AntiVirus for Handhelds Retail and Corporate Edition v3.0 SOLUTION: Update to Symantec Windows LiveUpdate version 2.5. This is available via the LiveUpdate functionality or at: http://www.symantec.com/techsupp/files/lu/lu.html PROVIDED AND/OR DISCOVERED BY: Secure Network Operations ORIGINAL ADVISORY: Symantec: http://www.sarc.com/avcenter/security/Content/2004.12.13a.html ---------------------------------------------------------------------- ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
