Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for norton_utilities by symantec

    CVE-2018-5235 (GCVE-0-2018-5235)

    Vulnerability from nvd – Published: 2018-08-22 17:00 – Updated: 2024-09-16 20:31
    VLAI
    Summary
    Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
    Severity
    No CVSS data available.
    CWE
    • DLL Preloading
    Assigner
    References
    Impacted products
    Vendor Product Version
    Symantec Corporation Norton Utilities Affected: Prior to 16.0.3.44
    Create a notification for this product.
    Date Public
    2018-08-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:42.772Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105099",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105099"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Norton Utilities",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 16.0.3.44"
                }
              ]
            }
          ],
          "datePublic": "2018-08-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Preloading",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-23T09:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "105099",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105099"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2018-08-15T00:00:00",
              "ID": "CVE-2018-5235",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Norton Utilities",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 16.0.3.44"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Preloading"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105099",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105099"
                },
                {
                  "name": "https://support.symantec.com/en_US/article.SYMSA1459.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2018-5235",
        "datePublished": "2018-08-22T17:00:00.000Z",
        "dateReserved": "2018-01-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:31:27.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1836 (GCVE-0-2006-1836)

    Vulnerability from nvd – Published: 2006-04-19 16:00 – Updated: 2024-08-07 17:27
    VLAI
    Summary
    Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/100 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/17571 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/1386 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/431318/100… mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1015953 vdb-entryx_refsource_SECTRACK
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://secunia.com/advisories/19682 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:27:29.470Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/100"
              },
              {
                "name": "17571",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17571"
              },
              {
                "name": "ADV-2006-1386",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1386"
              },
              {
                "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
              },
              {
                "name": "1015953",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015953"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
              },
              {
                "name": "19682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19682"
              },
              {
                "name": "liveupdate-exepath-env-privilege-escalation(25839)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "100",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/100"
            },
            {
              "name": "17571",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17571"
            },
            {
              "name": "ADV-2006-1386",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1386"
            },
            {
              "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
            },
            {
              "name": "1015953",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015953"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
            },
            {
              "name": "19682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19682"
            },
            {
              "name": "liveupdate-exepath-env-privilege-escalation(25839)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1836",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/100"
                },
                {
                  "name": "17571",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17571"
                },
                {
                  "name": "ADV-2006-1386",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1386"
                },
                {
                  "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
                },
                {
                  "name": "1015953",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015953"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
                },
                {
                  "name": "19682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19682"
                },
                {
                  "name": "liveupdate-exepath-env-privilege-escalation(25839)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1836",
        "datePublished": "2006-04-19T16:00:00.000Z",
        "dateReserved": "2006-04-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:27:29.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-1380 (GCVE-0-1999-1380)

    Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-01 17:11
    VLAI
    Summary
    Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    1997-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:11:02.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
              },
              {
                "name": "nu-tuneocx-activex-control(7188)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/7188.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.net-security.sk/bugs/NT/nu20.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "1997-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-18T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
            },
            {
              "name": "nu-tuneocx-activex-control(7188)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/7188.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.net-security.sk/bugs/NT/nu20.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-1380",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://mlarchive.ima.com/win95/1997/May/0342.html",
                  "refsource": "MISC",
                  "url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
                },
                {
                  "name": "nu-tuneocx-activex-control(7188)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/7188.php"
                },
                {
                  "name": "http://news.zdnet.co.uk/story/0,,s2065518,00.html",
                  "refsource": "MISC",
                  "url": "http://news.zdnet.co.uk/story/0,,s2065518,00.html"
                },
                {
                  "name": "http://www.net-security.sk/bugs/NT/nu20.html",
                  "refsource": "MISC",
                  "url": "http://www.net-security.sk/bugs/NT/nu20.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-1380",
        "datePublished": "2002-03-09T05:00:00.000Z",
        "dateReserved": "2001-08-31T00:00:00.000Z",
        "dateUpdated": "2024-08-01T17:11:02.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5235 (GCVE-0-2018-5235)

    Vulnerability from cvelistv5 – Published: 2018-08-22 17:00 – Updated: 2024-09-16 20:31
    VLAI
    Summary
    Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
    Severity
    No CVSS data available.
    CWE
    • DLL Preloading
    Assigner
    References
    Impacted products
    Vendor Product Version
    Symantec Corporation Norton Utilities Affected: Prior to 16.0.3.44
    Create a notification for this product.
    Date Public
    2018-08-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:42.772Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105099",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105099"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Norton Utilities",
              "vendor": "Symantec Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Prior to 16.0.3.44"
                }
              ]
            }
          ],
          "datePublic": "2018-08-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Preloading",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-23T09:57:01.000Z",
            "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
            "shortName": "symantec"
          },
          "references": [
            {
              "name": "105099",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105099"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@symantec.com",
              "DATE_PUBLIC": "2018-08-15T00:00:00",
              "ID": "CVE-2018-5235",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Norton Utilities",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Prior to 16.0.3.44"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Symantec Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DLL Preloading"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105099",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105099"
                },
                {
                  "name": "https://support.symantec.com/en_US/article.SYMSA1459.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
        "assignerShortName": "symantec",
        "cveId": "CVE-2018-5235",
        "datePublished": "2018-08-22T17:00:00.000Z",
        "dateReserved": "2018-01-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:31:27.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1836 (GCVE-0-2006-1836)

    Vulnerability from cvelistv5 – Published: 2006-04-19 16:00 – Updated: 2024-08-07 17:27
    VLAI
    Summary
    Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/100 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/17571 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/1386 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/431318/100… mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1015953 vdb-entryx_refsource_SECTRACK
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://secunia.com/advisories/19682 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:27:29.470Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/100"
              },
              {
                "name": "17571",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17571"
              },
              {
                "name": "ADV-2006-1386",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1386"
              },
              {
                "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
              },
              {
                "name": "1015953",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015953"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
              },
              {
                "name": "19682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19682"
              },
              {
                "name": "liveupdate-exepath-env-privilege-escalation(25839)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "100",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/100"
            },
            {
              "name": "17571",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17571"
            },
            {
              "name": "ADV-2006-1386",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1386"
            },
            {
              "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
            },
            {
              "name": "1015953",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015953"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
            },
            {
              "name": "19682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19682"
            },
            {
              "name": "liveupdate-exepath-env-privilege-escalation(25839)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1836",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/100"
                },
                {
                  "name": "17571",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17571"
                },
                {
                  "name": "ADV-2006-1386",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1386"
                },
                {
                  "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
                },
                {
                  "name": "1015953",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015953"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
                },
                {
                  "name": "19682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19682"
                },
                {
                  "name": "liveupdate-exepath-env-privilege-escalation(25839)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1836",
        "datePublished": "2006-04-19T16:00:00.000Z",
        "dateReserved": "2006-04-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:27:29.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-1380 (GCVE-0-1999-1380)

    Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-01 17:11
    VLAI
    Summary
    Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    1997-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:11:02.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
              },
              {
                "name": "nu-tuneocx-activex-control(7188)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/7188.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.net-security.sk/bugs/NT/nu20.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "1997-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-18T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
            },
            {
              "name": "nu-tuneocx-activex-control(7188)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/7188.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.net-security.sk/bugs/NT/nu20.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-1380",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://mlarchive.ima.com/win95/1997/May/0342.html",
                  "refsource": "MISC",
                  "url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
                },
                {
                  "name": "nu-tuneocx-activex-control(7188)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/7188.php"
                },
                {
                  "name": "http://news.zdnet.co.uk/story/0,,s2065518,00.html",
                  "refsource": "MISC",
                  "url": "http://news.zdnet.co.uk/story/0,,s2065518,00.html"
                },
                {
                  "name": "http://www.net-security.sk/bugs/NT/nu20.html",
                  "refsource": "MISC",
                  "url": "http://www.net-security.sk/bugs/NT/nu20.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-1380",
        "datePublished": "2002-03-09T05:00:00.000Z",
        "dateReserved": "2001-08-31T00:00:00.000Z",
        "dateUpdated": "2024-08-01T17:11:02.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }