CERTA-2004-AVI-404
Vulnerability from certfr_avis
None
Description
L'utilitaire de mise à jour LiveUpdate est inclus dans de nombreux produits Symantec et permet d'effectuer des mises à jour automatiques de tous les produits Symantec.
Lorsqu'une session interactive LiveUpdate est disponible, un utilisateur local mal intentionné peut, grâce à l'interface graphique, élever ses propres privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur (cf. section Documentation) pour l'obtention des correctifs.
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Symantec | N/A | Symantec Norton AntiVirus et Norton AntiVirus Pro 2001-2004 ; | ||
| Symantec | N/A | Windows Symantec LiveUpdate versions antérieures à 2.5 ; | ||
| Symantec | N/A | Symantec Norton Internet Security Pro 2001-2004 ; | ||
| Symantec | N/A | Symantec Norton SystemWorks 2001-2004 ; | ||
| Symantec | N/A | Symantec AntiVirus pour Handhelds Retail and Corporate Edition v3.0. |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Symantec Norton AntiVirus et Norton AntiVirus Pro 2001-2004 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Symantec",
"scada": false
}
}
},
{
"description": "Windows Symantec LiveUpdate versions ant\u00e9rieures \u00e0 2.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Symantec",
"scada": false
}
}
},
{
"description": "Symantec Norton Internet Security Pro 2001-2004 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Symantec",
"scada": false
}
}
},
{
"description": "Symantec Norton SystemWorks 2001-2004 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Symantec",
"scada": false
}
}
},
{
"description": "Symantec AntiVirus pour Handhelds Retail and Corporate Edition v3.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "Symantec",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nL\u0027utilitaire de mise \u00e0 jour LiveUpdate est inclus dans de nombreux\nproduits Symantec et permet d\u0027effectuer des mises \u00e0 jour automatiques de\ntous les produits Symantec.\n\nLorsqu\u0027une session interactive LiveUpdate est disponible, un utilisateur\nlocal mal intentionn\u00e9 peut, gr\u00e2ce \u00e0 l\u0027interface graphique, \u00e9lever ses\npropres privil\u00e8ges.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section\nDocumentation) pour l\u0027obtention des correctifs.\n",
"cves": [],
"initial_release_date": "2004-12-17T00:00:00",
"last_revision_date": "2004-12-17T00:00:00",
"links": [],
"reference": "CERTA-2004-AVI-404",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2004-12-17T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 de LiveUpdate pour les produits Symantec",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 de Symantec",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.12.13a.html"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…