CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 1CVE-2004-0217
https://notcve.org/view.php?id=CVE-2004-0217
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. La capacidad LiveUpdate de Symantec Antivirus Scan Engine 4.0 y 4.3 para Red Hat Linux permite a usuarios locales crear o añadir ficheros arbitrarios mediante un ataque de enlaces simbólicos sobre /tmp/LiveUpdate.log. • http://marc.info/?l=bugtraq&m=107694800908164&w=2 http://www.securityfocus.com/bid/9662 https://exchange.xforce.ibmcloud.com/vulnerabilities/15215 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 0CVE-2003-0994
https://notcve.org/view.php?id=CVE-2003-0994
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges. La funcionalidad gui para una sesión interactiva en ymantec LiveUpdate 1.70.x hasta la 1.90.x (usadas en Norton Internet Security 2001 hasta 2004, SystemWorks 2001 hasta 2004, y AntiVirus y Norton AntiVirus Pro 2001 hasta 2004, AntiVirus for Handhelds v3.0) permite que usuarios locales obtengan privilegios SYSTEM. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html http://marc.info/?l=bugtraq&m=107393473928245&w=2 http://www.osvdb.org/3428 http://www.secnetops.biz/research/SRT2004-01-09-1022.txt •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 2CVE-2003-1310 – Symantec Norton AntiVirus 2002/2003 - Device Driver Memory Overwrite
https://notcve.org/view.php?id=CVE-2003-1310
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack"). • https://www.exploit-db.com/exploits/22980 http://sec-labs.hack.pl/papers/win32ddc.php http://secunia.com/advisories/9460 http://www.osvdb.org/4362 http://www.securityfocus.com/bid/8329 https://exchange.xforce.ibmcloud.com/vulnerabilities/12824 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1451
https://notcve.org/view.php?id=CVE-2003-1451
Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename. • http://securityresponse.symantec.com/avcenter/security/Content/2003.02.28.html http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-02/0233.html http://www.lac.co.jp/security/english/snsadv_e/61_e.html http://www.securityfocus.com/bid/6886 https://exchange.xforce.ibmcloud.com/vulnerabilities/11365 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2002-1540
https://notcve.org/view.php?id=CVE-2002-1540
The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32. El cliente de Symantec Norton AntiVirus Corporate Edition 7.5.x anteriores a la 7.5.1 Build 62 y 7.6.x anteriores a la 7.6.1 Build 35a ejecutan winhlp32 con privilegios elevados, lo que permite a usuarios locales la obtención de privilegios utilizando ciertas características de winhlp32. • http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html http://www.iss.net/security_center/static/10475.php http://www.osvdb.org/6258 •