Symantec Corporate Antivirus vulnérable à une faille de type escalade de privilège, permettant à n'importe quel utilisateur ou intrus de devenir maître du système.
//----- Advisory Program : Symantec Corporate Antivirus - 10.1 Homepage : http://www.symantec.com/ Discovery : 2006/07/11 Author Contacted : 2006/07/18 Found by : ali at sysdream dot com This Advisory : ali at sysdream dot com //----- Application description Symantec AntiVirus Corporate Edition 10.1 combines industry-leading, real-time malware protection for enterprise workstations and network servers with graphical Web-based reporting and centralized management and administration capabilities. The solution automatically detects and repairs the effects of spyware, adware, viruses, and other malicious intrusions to enable enterprise-wide system uptime. //----- Description of vulnerabilities This product is vulnerable to an escalation of privileges vulnerability. Details have not been released yet. We wait for Symantec to publish a patch. CVE: CVE2006-3455 //----- Impact This vulnerability allows an intruder to get the SYSTEM privileges on a Windows System, from a limited user account. //----- Solution Symantec has not provided any solutions at that time. //----- Credits http://www.sysdream.com ali at sysdream dot com