Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0304

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2012-0304
Last Modified 01 Apr 2013 11:14:44
Published 22 Jun 2012 06:24:06
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0304

Summary

Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file.

Vulnerable Systems

Application

  • Symantec Liveupdate Administrator 1.5.3.21

  • Symantec Liveupdate Administrator 1.5.4

  • Symantec Liveupdate Administrator 1.5.7.19

  • Symantec Liveupdate Administrator 2.1.0

  • Symantec Liveupdate Administrator 2.1.2

  • Symantec Liveupdate Administrator 2.1.3

  • Symantec Liveupdate Administrator 2.2.1

  • Symantec Liveupdate Administrator 2.2.2

  • Symantec Liveupdate Administrator 2.2.2.9

  • Symantec Liveupdate Administrator 2.3.0


References

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120615_00

BID - 53903

MISC - http://www.nessus.org/plugins/index.php?view=single&id=59193

SECTRACK - 1027182


Last Updated: 27 May 2016 10:56:34