Local Privilege Escalation in Symantec LiveUpdate Administrator
CVE-2012-0304

Currently unrated

Key Information:

Vendor: Symantec
Status: Liveupdate Administrator
Vendor: CVE Published:; 22 June 2012

What is CVE-2012-0304?

Symantec LiveUpdate Administrator prior to version 2.3.1 is susceptible to a local privilege escalation vulnerability resulting from improper permissions assigned to the installation directory. This flaw permits users with local access to install unauthorized files, potentially escalating their privileges by executing a Trojan horse file. Organizations utilizing affected versions should take immediate steps to update their installation to safeguard against potential exploitation.

References

http://www.securitytracker.com/id?1027182

vdb-entryx_refsource_SECTRACK

http://www.nessus.org/plugins/index.php?view=single&id=59193

x_refsource_MISC

http://www.securityfocus.com/bid/53903

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2012
Vulnerability Reserved
Jan 4, 2012