Une vulnérabilité critique dans Symantec Corporate Antivirus

Symantec Corporate Antivirus vulnérable à une faille de type escalade de privilège, permettant à n’importe quel utilisateur ou intrus de devenir maître du système.

//----- Advisory

Program              : Symantec Corporate Antivirus - 10.1
Homepage             : http://www.symantec.com/        
Discovery            : 2006/07/11
Author Contacted     : 2006/07/18
Found by             : ali at sysdream dot com
This Advisory        : ali at sysdream dot com
//----- Application description

Symantec AntiVirus Corporate Edition 10.1 combines industry-leading, real-time malware protection for enterprise workstations and network servers with graphical Web-based reporting and centralized management and administration capabilities. The solution automatically detects and repairs the effects of spyware, adware, viruses, and other malicious intrusions to enable enterprise-wide system uptime. 

//----- Description of vulnerabilities

This product is vulnerable to an escalation of privileges vulnerability. Details have not been released yet. We wait for Symantec to publish a patch.

CVE: CVE2006-3455

//----- Impact

This vulnerability allows an intruder to get the SYSTEM privileges on a Windows System, from a limited user account.

//----- Solution

Symantec has not provided any solutions at that time.

//----- Credits

http://sysdream.com

ali at sysdream dot com