Une vulnérabilité critique dans Symantec Corporate Antivirus
Symantec Corporate Antivirus vulnérable à une faille de type escalade de privilège, permettant à n'importe quel utilisateur ou intrus de devenir maître du système.Symantec Corporate Antivirus vulnérable à une faille de type escalade de privilège, permettant à n’importe quel utilisateur ou intrus de devenir maître du système.
//----- Advisory
Program : Symantec Corporate Antivirus - 10.1
Homepage : http://www.symantec.com/
Discovery : 2006/07/11
Author Contacted : 2006/07/18
Found by : ali at sysdream dot com
This Advisory : ali at sysdream dot com
//----- Application description
Symantec AntiVirus Corporate Edition 10.1 combines industry-leading, real-time malware protection for enterprise workstations and network servers with graphical Web-based reporting and centralized management and administration capabilities. The solution automatically detects and repairs the effects of spyware, adware, viruses, and other malicious intrusions to enable enterprise-wide system uptime.
//----- Description of vulnerabilities
This product is vulnerable to an escalation of privileges vulnerability. Details have not been released yet. We wait for Symantec to publish a patch.
CVE: CVE2006-3455
//----- Impact
This vulnerability allows an intruder to get the SYSTEM privileges on a Windows System, from a limited user account.
//----- Solution
Symantec has not provided any solutions at that time.
//----- Credits
http://sysdream.com
ali at sysdream dot com