CVE-2016-5311
7.8HIGH
Key Information
- Vendor
- Symantec
- Status
- Norton Antivirus, Norton Antivirus With Backup, Norton Security, Norton Security With Backup, Norton Internet Security, Norton 360
- Endpoint Protection Small Business Edition Cloud, And Endpoint Protection Cloud Client
- Vendor
- CVE Published:
- 9 January 2020
Summary
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.
Affected Version(s)
Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360 = before 22.7
Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client = before 22.8.0.50
Refferences
http://www.securityfocus.com/bid/94295
x_refsource_MISC
http://www.securitytracker.com/id/1037323
x_refsource_MISC
http://www.securitytracker.com/id/1037324
x_refsource_MISC
http://www.securitytracker.com/id/1037325
x_refsource_MISC
https://www.symantec.com/security_response/securityupdate...
x_refsource_CONFIRM
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database