CVE-2016-5311
https://notcve.org/view.php?id=CVE-2016-5311
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. Se presenta una vulnerabilidad de escalada de privilegios en Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud y Endpoint Protection Cloud Client, debido a una precarga de DLL sin restricciones de ruta, que podría permitir a un usuario malicioso local obtener privilegios system. • http://www.securityfocus.com/bid/94295 http://www.securitytracker.com/id/1037323 http://www.securitytracker.com/id/1037324 http://www.securitytracker.com/id/1037325 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00 • CWE-427: Uncontrolled Search Path Element •
CVE-2018-12238
https://notcve.org/view.php?id=CVE-2018-12238
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected. Norton en versiones anteriores a la 22.15; Symantec Endpoint Protection (SEP) en versiones anteriores a la 12.1.7454.7000 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) en versiones anteriores a la NIS-22.15.1.8 SEP-12.1.7454.7000; y Symantec Endpoint Protection Cloud (SEP Cloud) en versiones anteriores a la 22.15.1 pueden ser susceptibles a un problema de omisión de antivirus, que es un tipo de explotación que sirve para eludir uno de los motores de detección de virus y así evitar un tipo de protección antivirus específico. Uno de los motores antivirus depende de un patrón de firma de una base de datos para identificar archivos maliciosos y virus; la explotación de omisión de antivirus busca alterar el archivo que se está analizando para que no sea detectado. • http://www.securityfocus.com/bid/105917 https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html •
CVE-2018-12239
https://notcve.org/view.php?id=CVE-2018-12239
Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000; and Symantec Endpoint Protection Cloud (SEP Cloud) prior to 22.15.1 may be susceptible to an AV bypass issue, which is a type of exploit that works to circumvent one of the virus detection engines to avoid a specific type of virus protection. One of the antivirus engines depends on a signature pattern from a database to identify malicious files and viruses; the antivirus bypass exploit looks to alter the file being scanned so it is not detected. Norton en versiones anteriores a la 22.15; Symantec Endpoint Protection (SEP) en versiones anteriores a la 12.1.7454.7000 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) en versiones anteriores a la NIS-22.15.1.8 SEP-12.1.7454.7000; y Symantec Endpoint Protection Cloud (SEP Cloud) en versiones anteriores a la 22.15.1 puede ser susceptible a un problema de omisión de antivirus, que es un tipo de explotación que sirve para eludir uno de los motores de detección de virus y así evitar un tipo de protección antivirus específico. Uno de los motores antivirus depende de un patrón de firma de una base de datos para identificar archivos maliciosos y virus; la explotación de omisión de antivirus busca alterar el archivo que se está analizando para que no sea detectado. • http://www.securityfocus.com/bid/105918 https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html •
CVE-2007-3800
https://notcve.org/view.php?id=CVE-2007-3800
Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code. Vulnerabilidad no especificada en el componente Real-time scanner (RTVScan) en Symantec AntiVirus Corporate Edition 9.0 hasta la 10.1 y Client Security 2.0 hasta la 3.1, cuando la ventana Notification Message está activada, permite a usuarios locales ganar privilegios a través de código manipulado. • http://osvdb.org/36116 http://secunia.com/advisories/26054 http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html http://www.securityfocus.com/bid/24810 http://www.vupen.com/english/advisories/2007/2506 https://exchange.xforce.ibmcloud.com/vulnerabilities/35352 •
CVE-2007-0447 – Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-0447
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives. Desbordamiento de búfer basado en pila en el componente Decomposer en múltiples producto Symantec que permiten a atacantes remotos ejecutar código de su elección a través de archivos .CAB manipulados. This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of Symantec's AntiVirus Engine. User interaction is not required to exploit this vulnerability. The specific flaw exists during the process of scanning multiple maliciously formatted CAB archives. The parsing routine implicitly trusts certain user-supplied values that can result in an exploitable heap corruption. • http://osvdb.org/36118 http://secunia.com/advisories/26053 http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html http://www.securityfocus.com/bid/24282 http://www.vupen.com/english/advisories/2007/2508 http://www.zerodayinitiative.com/advisories/ZDI-07-040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •