Disclaimer: This news item was originally posted on Tuesday, Sep 12, 2006. Its content may no longer be timely or accurate.

Symantec Antivirus Corporate Editon Privilege Escalation Vulnerability Announced

Posted: 19:00:00, Tuesday, Sep 12, 2006   Expiration: 19:00:00, Tuesday, Sep 19, 2006

Symantec has announced an elevation of privilege vulnerability in their Symantec Antivirus Corporate Edition and Symantec Client Security products.

Symantec released information on September 13th regarding an elevation of privilege vulnerability in their Symantec Antivirus Corporate Edition (SAVCE) and Symantec Client Security (SCS) products. The Symantec announcement is here: http://www.symantec.com/avcenter/security/Content/2006.09.13.html. Note that Symantec is not aware of any attempts to exploit this vulnerability at this time. Note also that this vulnerability is not remotely exploitable; it requires local access to work.

SAVCE 10.1 and SCS 3.1 are *NOT* vulnerable. These are the recommended installs on the current Security Software Starter CD.

SAVCE 9.0.5.1100 (MR5 w/ MP1) is not vulnerable, and that is the version of the 9 client available for download on https://software.doit.wisc.edu. The Security CD only has the previous version (9.0.5.1000), so anyone running SAVCE 9 should check their versions and upgrade if necessary.

-- Allen Monette and Shaun Fischer

Created: 11:49:04, Wednesday, Sep 13, 2006 (by AMONETTE)
Updated: 11:50:25, Wednesday, Sep 13, 2006 (by AMONETTE)