CERTA-2004-AVI-404
Vulnerability from certfr_avis - Published: 2004-12-17 - Updated: 2004-12-17None
Description
L'utilitaire de mise à jour LiveUpdate est inclus dans de nombreux produits Symantec et permet d'effectuer des mises à jour automatiques de tous les produits Symantec.
Lorsqu'une session interactive LiveUpdate est disponible, un utilisateur local mal intentionné peut, grâce à l'interface graphique, élever ses propres privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur (cf. section Documentation) pour l'obtention des correctifs.
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Symantec | N/A | Symantec Norton AntiVirus et Norton AntiVirus Pro 2001-2004 ; | ||
| Symantec | N/A | Windows Symantec LiveUpdate versions antérieures à 2.5 ; | ||
| Symantec | N/A | Symantec Norton Internet Security Pro 2001-2004 ; | ||
| Symantec | N/A | Symantec Norton SystemWorks 2001-2004 ; | ||
| Symantec | N/A | Symantec AntiVirus pour Handhelds Retail and Corporate Edition v3.0. |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Symantec Norton AntiVirus et Norton AntiVirus Pro 2001-2004 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Symantec",
"scada": false
}
}
},
{
"description": "Windows Symantec LiveUpdate versions ant\u00e9rieures \u00e0 2.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Symantec",
"scada": false
}
}
},
{
"description": "Symantec Norton Internet Security Pro 2001-2004 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Symantec",
"scada": false
}
}
},
{
"description": "Symantec Norton SystemWorks 2001-2004 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Symantec",
"scada": false
}
}
},
{
"description": "Symantec AntiVirus pour Handhelds Retail and Corporate Edition v3.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "Symantec",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nL\u0027utilitaire de mise \u00e0 jour LiveUpdate est inclus dans de nombreux\nproduits Symantec et permet d\u0027effectuer des mises \u00e0 jour automatiques de\ntous les produits Symantec.\n\nLorsqu\u0027une session interactive LiveUpdate est disponible, un utilisateur\nlocal mal intentionn\u00e9 peut, gr\u00e2ce \u00e0 l\u0027interface graphique, \u00e9lever ses\npropres privil\u00e8ges.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section\nDocumentation) pour l\u0027obtention des correctifs.\n",
"cves": [],
"initial_release_date": "2004-12-17T00:00:00",
"last_revision_date": "2004-12-17T00:00:00",
"links": [],
"reference": "CERTA-2004-AVI-404",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2004-12-17T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 de LiveUpdate pour les produits Symantec",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 de Symantec",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.12.13a.html"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…