Symantec SAVCE RTVScan Component Local Privilege Escalation (SYM07-017)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a program that is affected by a local
privilege escalation vulnerability.

Description :

The remote installation of Symantec Antivirus Corporate Edition
(SAVCE) or Symantec Client Security contains a flaw in the Real-Time
scanner (RTVScan) component because it fails to drop its privileges
within a threat notification window. A local attacker may be able to
leverage this flaw to elevate his privileges to SYSTEM level and gain
complete control of the affected system.

Note that successful exploitation requires that the Notification
Message window be enabled.

See also :

http://www.symantec.com/avcenter/security/Content/2007.07.11c.html

Solution :

SAVCE product branch 9.0 should be upgraded to 9.0.6.1100 or
later. SAVCE product branches 10.0 and 10.1 should be upgraded to
10.1.4.4010 or later.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 25734

Bugtraq ID: 24810

CVE ID: CVE-2007-3800
