Vulnerability CVE-2016-5311


Published: 2020-01-09

Description:
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.

Type:

CWE-427

(Uncontrolled Search Path Element)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Symantec -> Endpoint protection 
Symantec -> Endpoint protection cloud 
Symantec -> Norton 360 
Symantec -> Norton antivirus 
Symantec -> Norton antivirus with backup 
Symantec -> Norton family 
Symantec -> Norton internet security 
Symantec -> Norton security 
Symantec -> Norton security with backup 

 References:
http://www.securityfocus.com/bid/94295
http://www.securitytracker.com/id/1037323
http://www.securitytracker.com/id/1037324
http://www.securitytracker.com/id/1037325
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00

Copyright 2024, cxsecurity.com

 

Back to Top