PT-2004-1190 · Symantec · Norton Internet Security+4
Kf
·
Published
2004-02-03
·
Updated
2016-10-18
·
CVE-2003-0994
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Symantec LiveUpdate versions 1.70.x through 1.90.x
Norton Internet Security versions 2001 through 2004
SystemWorks versions 2001 through 2004
Norton AntiVirus Pro versions 2001 through 2004
AntiVirus for Handhelds version v3.0
Description
The issue allows local users to gain SYSTEM privileges due to a problem in the GUI functionality for an interactive session in Symantec LiveUpdate.
Recommendations
For Symantec LiveUpdate versions 1.70.x through 1.90.x, consider restricting access to the GUI functionality for an interactive session until a fix is available.
For Norton Internet Security versions 2001 through 2004, SystemWorks versions 2001 through 2004, and Norton AntiVirus Pro versions 2001 through 2004, restrict the use of the affected Symantec LiveUpdate component to minimize the risk of exploitation.
For AntiVirus for Handhelds version v3.0, avoid using the affected Symantec LiveUpdate functionality until the issue is resolved.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Antivirus For Handhelds
Norton Antivirus Pro
Norton Internet Security
Symantec Liveupdate
System Works