Search
Find a vulnerability
Search criteria
6 vulnerabilities found for norton_utilities by symantec
CVE-2018-5235 (GCVE-0-2018-5235)
Vulnerability from nvd – Published: 2018-08-22 17:00 – Updated: 2024-09-16 20:31
VLAI
Summary
Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
Severity
No CVSS data available.
CWE
- DLL Preloading
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105099 | vdb-entryx_refsource_BID |
| https://support.symantec.com/en_US/article.SYMSA1… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Norton Utilities |
Affected:
Prior to 16.0.3.44
|
Date Public
2018-08-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:42.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105099",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105099"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Utilities",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 16.0.3.44"
}
]
}
],
"datePublic": "2018-08-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Preloading",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-23T09:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "105099",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105099"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-08-15T00:00:00",
"ID": "CVE-2018-5235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Utilities",
"version": {
"version_data": [
{
"version_value": "Prior to 16.0.3.44"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105099"
},
{
"name": "https://support.symantec.com/en_US/article.SYMSA1459.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-5235",
"datePublished": "2018-08-22T17:00:00.000Z",
"dateReserved": "2018-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:31:27.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1836 (GCVE-0-2006-1836)
Vulnerability from nvd – Published: 2006-04-19 16:00 – Updated: 2024-08-07 17:27
VLAI
Summary
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/100 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/17571 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/1386 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/431318/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1015953 | vdb-entryx_refsource_SECTRACK |
| http://securityresponse.symantec.com/avcenter/sec… | x_refsource_CONFIRM |
| http://secunia.com/advisories/19682 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015953"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "100",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015953"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015953"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1836",
"datePublished": "2006-04-19T16:00:00.000Z",
"dateReserved": "2006-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:27:29.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1380 (GCVE-0-1999-1380)
Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-01 17:11
VLAI
Summary
Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://mlarchive.ima.com/win95/1997/May/0342.html | x_refsource_MISC |
| http://www.iss.net/security_center/static/7188.php | vdb-entryx_refsource_XF |
| http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html | x_refsource_MISC |
| http://www.net-security.sk/bugs/NT/nu20.html | x_refsource_MISC |
Date Public
1997-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:02.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1997-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mlarchive.ima.com/win95/1997/May/0342.html",
"refsource": "MISC",
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"name": "http://news.zdnet.co.uk/story/0,,s2065518,00.html",
"refsource": "MISC",
"url": "http://news.zdnet.co.uk/story/0,,s2065518,00.html"
},
{
"name": "http://www.net-security.sk/bugs/NT/nu20.html",
"refsource": "MISC",
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1380",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-08-31T00:00:00.000Z",
"dateUpdated": "2024-08-01T17:11:02.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5235 (GCVE-0-2018-5235)
Vulnerability from cvelistv5 – Published: 2018-08-22 17:00 – Updated: 2024-09-16 20:31
VLAI
Summary
Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
Severity
No CVSS data available.
CWE
- DLL Preloading
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105099 | vdb-entryx_refsource_BID |
| https://support.symantec.com/en_US/article.SYMSA1… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Symantec Corporation | Norton Utilities |
Affected:
Prior to 16.0.3.44
|
Date Public
2018-08-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:42.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105099",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105099"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Utilities",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 16.0.3.44"
}
]
}
],
"datePublic": "2018-08-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Preloading",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-23T09:57:01.000Z",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "105099",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105099"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-08-15T00:00:00",
"ID": "CVE-2018-5235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Utilities",
"version": {
"version_data": [
{
"version_value": "Prior to 16.0.3.44"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105099"
},
{
"name": "https://support.symantec.com/en_US/article.SYMSA1459.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-5235",
"datePublished": "2018-08-22T17:00:00.000Z",
"dateReserved": "2018-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:31:27.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1836 (GCVE-0-2006-1836)
Vulnerability from cvelistv5 – Published: 2006-04-19 16:00 – Updated: 2024-08-07 17:27
VLAI
Summary
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/100 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/17571 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/1386 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/431318/100… | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1015953 | vdb-entryx_refsource_SECTRACK |
| http://securityresponse.symantec.com/avcenter/sec… | x_refsource_CONFIRM |
| http://secunia.com/advisories/19682 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015953"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "100",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015953"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015953"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1836",
"datePublished": "2006-04-19T16:00:00.000Z",
"dateReserved": "2006-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:27:29.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1380 (GCVE-0-1999-1380)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-01 17:11
VLAI
Summary
Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://mlarchive.ima.com/win95/1997/May/0342.html | x_refsource_MISC |
| http://www.iss.net/security_center/static/7188.php | vdb-entryx_refsource_XF |
| http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html | x_refsource_MISC |
| http://www.net-security.sk/bugs/NT/nu20.html | x_refsource_MISC |
Date Public
1997-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:02.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1997-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mlarchive.ima.com/win95/1997/May/0342.html",
"refsource": "MISC",
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"name": "http://news.zdnet.co.uk/story/0,,s2065518,00.html",
"refsource": "MISC",
"url": "http://news.zdnet.co.uk/story/0,,s2065518,00.html"
},
{
"name": "http://www.net-security.sk/bugs/NT/nu20.html",
"refsource": "MISC",
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1380",
"datePublished": "2002-03-09T05:00:00.000Z",
"dateReserved": "2001-08-31T00:00:00.000Z",
"dateUpdated": "2024-08-01T17:11:02.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}