Vulnerabilities > CVE-2007-3800 - Unspecified vulnerability in Symantec Client Security and Norton Antivirus
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN symantec
nessus
Summary
Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.
Vulnerable Configurations
Nessus
NASL family | Windows |
NASL id | SAVCE_LOCAL_PRIV_ESCALATION.NASL |
description | The remote installation of Symantec Antivirus Corporate Edition (SAVCE) or Symantec Client Security contains a flaw in the Real-Time scanner (RTVScan) component because it fails to drop its privileges with in a threat notification window. A local attacker may be able to leverage this flaw to elevate his privileges to SYSTEM level and gain complete control of the affected system. Note that successful exploitation requires that the Notification Message window be enabled. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25734 |
published | 2007-07-19 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25734 |
title | Symantec SAVCE RTVScan Component Local Privilege Escalation (SYM07-017) |
code |
|
References
- http://osvdb.org/36116
- http://osvdb.org/36116
- http://secunia.com/advisories/26054
- http://secunia.com/advisories/26054
- http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html
- http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html
- http://www.securityfocus.com/bid/24810
- http://www.securityfocus.com/bid/24810
- http://www.vupen.com/english/advisories/2007/2506
- http://www.vupen.com/english/advisories/2007/2506
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35352
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35352