CVE-2016-5311
Severity CVSS v4.0:
Pending analysis
Type:
CWE-427
Uncontrolled Search Path Element
Publication date:
09/01/2020
Last modified:
29/01/2020
Description
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
6.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:* | 22.8.0.50 (excluding) | |
| cpe:2.3:a:symantec:endpoint_protection_cloud:*:*:*:*:*:*:*:* | 22.8.0.50 (excluding) | |
| cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:* | 22.7 (excluding) | |
| cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:* | 22.7 (excluding) | |
| cpe:2.3:a:symantec:norton_antivirus_with_backup:*:*:*:*:*:*:*:* | 22.7 (excluding) | |
| cpe:2.3:a:symantec:norton_family:*:*:*:*:*:*:*:* | 22.7 (excluding) | |
| cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:* | 22.7 (excluding) | |
| cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:* | 22.7 (excluding) | |
| cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:* | 22.7 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/94295
- http://www.securitytracker.com/id/1037323
- http://www.securitytracker.com/id/1037324
- http://www.securitytracker.com/id/1037325
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00