Vulnerabilities > CVE-2007-3800 - Unspecified vulnerability in Symantec Client Security and Norton Antivirus

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
symantec
nessus

Summary

Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.

Vulnerable Configurations

Part Description Count
Application
Symantec
48

Nessus

NASL familyWindows
NASL idSAVCE_LOCAL_PRIV_ESCALATION.NASL
descriptionThe remote installation of Symantec Antivirus Corporate Edition (SAVCE) or Symantec Client Security contains a flaw in the Real-Time scanner (RTVScan) component because it fails to drop its privileges with in a threat notification window. A local attacker may be able to leverage this flaw to elevate his privileges to SYSTEM level and gain complete control of the affected system. Note that successful exploitation requires that the Notification Message window be enabled.
last seen2020-06-01
modified2020-06-02
plugin id25734
published2007-07-19
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/25734
titleSymantec SAVCE RTVScan Component Local Privilege Escalation (SYM07-017)
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
  script_id(25734);
  script_version("1.15");

  script_cve_id("CVE-2007-3800");
  script_bugtraq_id(24810);

  script_name(english:"Symantec SAVCE RTVScan Component Local Privilege Escalation (SYM07-017)");

 script_set_attribute(attribute:"synopsis", value:
"The remote host contains a program that is affected by a local
privilege escalation vulnerability." );
 script_set_attribute(attribute:"description", value:
"The remote installation of Symantec Antivirus Corporate Edition
(SAVCE) or Symantec Client Security contains a flaw in the Real-Time
scanner (RTVScan) component because it fails to drop its privileges
with in a threat notification window.  A local attacker may be able to
leverage this flaw to elevate his privileges to SYSTEM level and gain
complete control of the affected system. 

Note that successful exploitation requires that the Notification
Message window be enabled." );
 script_set_attribute(attribute:"see_also", value:"https://support.symantec.com/en_US/article.SYMSA1127.html" );
 script_set_attribute(attribute:"solution", value:
"SAVCE product branch 9.0 should be be upgraded to 9.0.6.1100 or
better.  SAVCE product branch 10.0 & 10.1 should be upgraded to
10.1.4.4010 or better." );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2007/07/19");
 script_set_attribute(attribute:"vuln_publication_date", value: "2007/07/12");
 script_cvs_date("Date: 2018/11/15 20:50:28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();

  script_summary(english:"Checks if version of SAVCE");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows");
  script_dependencies("savce_installed.nasl");
  script_require_keys("Antivirus/SAVCE/version");
  exit(0);
}

#

prod_ver = get_kb_item("Antivirus/SAVCE/version");
if(!prod_ver) exit(0);

ver = split(prod_ver, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if 	(ver[0] == 9)  latest_prod_ver = "9.0.6.1100";
else if (ver[0] == 10) latest_prod_ver = "10.1.4.4010";
else exit(0);

fix = split(latest_prod_ver, sep:'.', keep:FALSE);
for (i=0; i<max_index(fix); i++)
  fix[i] = int(fix[i]);

for (i=0; i<max_index(ver); i++)
  if (!isnull(fix[i]) && ver[i] < fix[i])
  {
    report = string(
      '\n',
      "Remote product version : ", prod_ver, "\n"
    );
    security_warning(port:get_kb_item("SMB/transport"), extra:report);
    exit(0);
  }
  else if (isnull(fix[i]) || ver[i] > fix[i])
    break;