The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Norton Security Premium

computer vulnerability alert CVE-2016-5311

Norton, Symantec Endpoint Protection: privilege escalation via DLL Pre-loading

Synthesis of the vulnerability

An attacker can bypass restrictions via DLL Pre-loading of Norton or Symantec Endpoint Protection, in order to escalate his privileges.
Impacted products: Norton Antivirus, Norton Internet Security, Norton Security, SEP.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 18/11/2016.
Identifiers: CVE-2016-5311, SYM16-021, VIGILANCE-VUL-21156.

Description of the vulnerability

An attacker can bypass restrictions via DLL Pre-loading of Norton or Symantec Endpoint Protection, in order to escalate his privileges.

vulnerability CVE-2016-5308

Symantec Endpoint Protection, Norton Security: memory corruption in the parser for executable files

Synthesis of the vulnerability

An attacker can generate a memory corruption in the executable file parser of Symantec Endpoint Protection and Norton Security, in order to trigger a denial of service, and possibly to run code with kernel privileges.
Impacted products: Norton Security, SEP.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: document.
Creation date: 08/07/2016.
Identifiers: CVE-2016-5308, SYM16-013, TALOS-2016-0182, VIGILANCE-VUL-20050.

Description of the vulnerability

The products Symantec Endpoint Protection and Norton Security analyse executable files.

To be able to intercept attempts to run a program file or load a shared library, the parser must be in the kernel. However, the kernel driver does not correctly handle some malformed files. An attacker can inject code into the kernel memory space.

An attacker can therefore generate a memory corruption in the executable file parser of Symantec Endpoint Protection and Norton Security, in order to trigger a denial of service, and possibly to run code with kernel privileges.

computer vulnerability announce CVE-2016-2207 CVE-2016-2209 CVE-2016-2210

Symantec: seven vulnerabilities of the "Decomposer" module

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec products.
Impacted products: Norton Antivirus, Norton Internet Security, Norton Security, SEP, Symantec Mail Security, Symantec Web Gateway, SWS.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 29/06/2016.
Revision date: 29/06/2016.
Identifiers: 810, 814, 816, 818, 819, 821, 823, CERTFR-2016-AVI-222, CVE-2016-2207, CVE-2016-2209, CVE-2016-2210, CVE-2016-2211, CVE-2016-3644, CVE-2016-3645, CVE-2016-3646, VIGILANCE-VUL-19997.

Description of the vulnerability

Several vulnerabilities were announced in Symantec Endpoint Protection.

An attacker can generate a buffer overflow via a substream of an MS-Office file, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 823, CVE-2016-2209]

An attacker can force a read at an invalid address via ALPkOldFormatDecompressor::UnShrink, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 821, CVE-2016-3646]

An attacker can generate an integer overflow via Attachment::setDataFromAttachment, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 819, CVE-2016-3645]

An attacker can generate a buffer overflow via CMIMEParser::UpdateHeader, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 818, CVE-2016-3644]

An attacker can generate a memory corruption via an MSPACK archive, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 816, CVE-2016-2211]

An attacker can generate a buffer overflow via CSymLHA::get_header, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 814, CVE-2016-2210]

An attacker can generate a memory corruption via a RAR archive, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 810, CVE-2016-2207]

computer vulnerability alert CVE-2016-2208

Symantec AVE: memory corruption via PE Header

Synthesis of the vulnerability

An attacker can generate a memory corruption via a PE Header on Symantec AVE, in order to trigger a denial of service, and possibly to run code with system privileges.
Impacted products: Norton Antivirus, Norton Internet Security, Norton Security, Symantec AV, SEP.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: document.
Creation date: 17/05/2016.
Identifiers: 820, BID-90653, CVE-2016-2208, SYM16-008, VIGILANCE-VUL-19636.

Description of the vulnerability

The Symantec AVE engine analyzes executables in PE format.

However, a malformed PE header corrupts the memory of a kernel driver.

An attacker can therefore generate a memory corruption via a PE Header on Symantec AVE, in order to trigger a denial of service, and possibly to run code with system privileges.