
U-194: Symantec LiveUpdate Administrator Lets Local Users Gain Elevated Privileges

June 19, 2012 - 7:00am


PROBLEM:

Symantec LiveUpdate Administrator Lets Local Users Gain Elevated Privileges.

PLATFORM:

Version(s): 2.3 and prior versions

Abstract:

Users Gain Elevated Privileges

REFERENCE LINKS:

Vendor Advisory
SecurityTracker Alert ID: 1027182
CVE-2012-0304

IMPACT ASSESSMENT:

Medium

Discussion:

A vulnerability was reported in Symantec LiveUpdate Administrator. A local user can obtain elevated privileges on the target system. The default installation of Symantec LiveUpdate Administrator installs files with full control privileges granted to the 'Everyone' group. A local user can exploit this flaw to read arbitrary files with System privileges and potentially execute arbitrary code on the target system with System privileges.
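The check below is an added example, not part of the advisory and not Symantec code: a PowerShell audit for the condition described above, Allow entries that give the Everyone group write-class rights on installed files. The function name and the temporary demo folder are constructed for illustration; the advisory does not give an install path, so pass the actual LiveUpdate Administrator directory to `-Path`.

```powershell
# Added example, not vendor code. Reports Allow ACEs that give the Everyone
# group write-class access to any file or folder under -Path.
function Find-EveryoneWritable {
    param([Parameter(Mandatory)] [string] $Path)  # directory to audit
    # Rights that permit altering or replacing a file or its ACL, plus
    # GENERIC_ALL / GENERIC_WRITE, which can appear in inherit-only ACEs.
    $rights = 'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $risky = [int][System.Security.AccessControl.FileSystemRights]$rights
    $risky = $risky -bor 0x10000000 -bor 0x40000000
    $everyone = 'S-1-1-0'  # well-known SID, independent of OS language
    $sidType = [System.Security.Principal.SecurityIdentifier]

    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { continue }  # unreadable ACL: skip rather than abort the scan
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ace.IdentityReference.Value -ne $everyone) { continue }
            if (([int]$ace.FileSystemRights -band $risky) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Constructed demo: a temp folder holding one file granted Everyone:FullControl.
$demo = Join-Path $env:TEMP ('acl-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
$file = Join-Path $demo 'sample.cfg'
Set-Content -LiteralPath $file -Value 'constructed'
$sid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $sid,
    [System.Security.AccessControl.FileSystemRights]::FullControl,
    [System.Security.AccessControl.AccessControlType]::Allow)
$demoAcl = Get-Acl -LiteralPath $file
$demoAcl.AddAccessRule($rule)
Set-Acl -LiteralPath $file -AclObject $demoAcl
Find-EveryoneWritable -Path $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

Rows with `Inherited` set to true point at a parent folder whose ACL is the source of the grant, so that is where the entry has to be corrected.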

Impact:

A local user can obtain System privileges on the target system.

Solution:

The vendor has issued a fix (2.3.1).

 
