The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Symantec Norton Internet Security

vulnerability alert CVE-2017-5565 CVE-2017-5566 CVE-2017-5567

Antivirus: privilege escalation via Microsoft Application Verifier

Synthesis of the vulnerability

An attacker can bypass restrictions via Microsoft Application Verifier of Antivirus, in order to escalate his privileges.
Impacted products: Avast AV, NOD32 Antivirus, F-Secure AV, AVG AntiVirus, McAfee MOVE AntiVirus, VirusScan, Norton Antivirus, Norton Internet Security, Panda AV, Panda Internet Security, TrendMicro Internet Security, OfficeScan.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 5.
Creation date: 22/03/2017.
Identifiers: 1116957, CVE-2017-5565, CVE-2017-5566, CVE-2017-5567, CVE-2017-6186, CVE-2017-6417, VIGILANCE-VUL-22211.

Description of the vulnerability

An attacker can bypass restrictions via Microsoft Application Verifier of Antivirus, in order to escalate his privileges.

computer vulnerability note CVE-2016-6592

Norton: code execution via the "Download Manager"

Synthesis of the vulnerability

An attacker can use a vulnerability via Download Manager of Norton, in order to run code.
Impacted products: Norton Antivirus, Norton Internet Security, Norton Security, SEP.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 18/01/2017.
Identifiers: CVE-2016-6592, SYM17-001, VIGILANCE-VUL-21619.

Description of the vulnerability

An attacker can use a vulnerability via Download Manager of Norton, in order to run code. The error is of the kind described in VIGILANCE-VUL-18671.

computer vulnerability alert CVE-2016-5311

Norton, Symantec Endpoint Protection: privilege escalation via DLL Pre-loading

Synthesis of the vulnerability

An attacker can bypass restrictions via DLL Pre-loading of Norton or Symantec Endpoint Protection, in order to escalate his privileges.
Impacted products: Norton Antivirus, Norton Internet Security, Norton Security, SEP.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 18/11/2016.
Identifiers: CVE-2016-5311, SYM16-021, VIGILANCE-VUL-21156.

Description of the vulnerability

An attacker can bypass restrictions via DLL Pre-loading of Norton or Symantec Endpoint Protection, in order to escalate his privileges.

computer vulnerability announce CVE-2016-2207 CVE-2016-2209 CVE-2016-2210

Symantec: seven vulnerabilities of the "Decomposer" module

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Symantec products.
Impacted products: Norton Antivirus, Norton Internet Security, Norton Security, SEP, Symantec Mail Security, Symantec Web Gateway, SWS.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 29/06/2016.
Revision date: 29/06/2016.
Identifiers: 810, 814, 816, 818, 819, 821, 823, CERTFR-2016-AVI-222, CVE-2016-2207, CVE-2016-2209, CVE-2016-2210, CVE-2016-2211, CVE-2016-3644, CVE-2016-3645, CVE-2016-3646, VIGILANCE-VUL-19997.

Description of the vulnerability

Several vulnerabilities were announced in Symantec Endpoint Protection.

An attacker can generate a buffer overflow via a substream of an MS-Office file, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 823, CVE-2016-2209]

An attacker can force a read at an invalid address via ALPkOldFormatDecompressor::UnShrink, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 821, CVE-2016-3646]

An attacker can generate an integer overflow via Attachment::setDataFromAttachment, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 819, CVE-2016-3645]

An attacker can generate a buffer overflow via CMIMEParser::UpdateHeader, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 818, CVE-2016-3644]

An attacker can generate a memory corruption via a MSPACK archive, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 816, CVE-2016-2211]

An attacker can generate a buffer overflow via CSymLHA::get_header, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 814, CVE-2016-2210]

An attacker can generate a memory corruption via a RAR archive, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 810, CVE-2016-2207]

computer vulnerability alert CVE-2016-2208

Symantec AVE: memory corruption via PE Header

Synthesis of the vulnerability

An attacker can generate a memory corruption via a PE Header on Symantec AVE, in order to trigger a denial of service, and possibly to run code with system privileges.
Impacted products: Norton Antivirus, Norton Internet Security, Norton Security, Symantec AV, SEP.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: document.
Creation date: 17/05/2016.
Identifiers: 820, BID-90653, CVE-2016-2208, SYM16-008, VIGILANCE-VUL-19636.

Description of the vulnerability

The Symantec AVE engine analyzes executables in PE format.

However, a malformed PE header corrupts the memory of a kernel driver.

An attacker can therefore generate a memory corruption via a PE Header on Symantec AVE, in order to trigger a denial of service, and possibly to run code with system privileges.

vulnerability bulletin CVE-2010-5151 CVE-2010-5152 CVE-2010-5154

Antivirus: bypassing SSDT Hooking

Synthesis of the vulnerability

When an antivirus redirects the SSDT to detect viruses, a local attacker can use an atomicity error, in order to bypass this protection.
Impacted products: Avast AV, CA Antivirus, F-Secure AV, AVG AntiVirus, Kaspersky AV, VirusScan, Norton Antivirus, Norton Internet Security, Panda AV, Panda Internet Security, Symantec AV.
Severity: 2/4.
Consequences: administrator access/rights, data flow.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 13.
Creation date: 10/05/2010.
Revision date: 11/05/2010.
Identifiers: CVE-2010-5151, CVE-2010-5152, CVE-2010-5154, CVE-2010-5156, CVE-2010-5161, CVE-2010-5163, CVE-2010-5166, CVE-2010-5167, CVE-2010-5168, CVE-2010-5171, CVE-2010-5172, CVE-2010-5177, CVE-2010-5179, VIGILANCE-VUL-9633.

Description of the vulnerability

The SSDT table (System Service Descriptor Table) contains references to system calls:
 - NtCreateKey : create a key in registry
 - NtCreateThread : create a thread
 - NtDeleteFile : delete a file
 - etc.

Antivirus products redirect entries of this table to verification functions. Several implementations check the parameters, and then call the original system call. However, between these two operations, a local attacker can change the parameters of the system call. An attacker can therefore create a program that uses legitimate parameters, and then changes them just before the system call.

When an antivirus redirects the SSDT to detect viruses, a local attacker can therefore use an atomicity error, in order to bypass this protection.

vulnerability announce CVE-2010-0106 CVE-2010-0107 CVE-2010-0108

Symantec AV, Norton AV: several vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities of Symantec and Norton products can be used by an attacker to disable the antivirus or to execute code.
Impacted products: Norton Antivirus, Norton Internet Security, Symantec AV.
Severity: 2/4.
Consequences: user access/rights, data flow.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 18/02/2010.
Identifiers: BID-38127, BID-38129, BID-38222, CERTA-2010-AVI-087, CVE-2010-0106, CVE-2010-0107, CVE-2010-0108, DSECRG-09-039, SYM10-002, SYM10-003, SYM10-004, VIGILANCE-VUL-9462.

Description of the vulnerability

Three vulnerabilities were announced in Symantec and Norton products.

A local attacker can disable the Symantec AntiVirus on-demand scan. [severity:2/4; BID-38127, CERTA-2010-AVI-087, CVE-2010-0106, SYM10-002]

An attacker can generate a buffer overflow in the SYMLTCOM.DLL ActiveX of Norton AV/IS, in order to execute code when the victim browses a malicious web site. [severity:2/4; BID-38129, CVE-2010-0107, SYM10-003]

An attacker can generate a buffer overflow in Symantec Client Proxy (CLIproxy.dll). [severity:1/4; BID-38222, CVE-2010-0108, DSECRG-09-039, SYM10-004]

vulnerability bulletin CVE-2009-1348

F-Secure, McAfee, Symantec: bypassing via PDF

Synthesis of the vulnerability

An attacker can create a malicious PDF document which is not detected by F-Secure, McAfee and Symantec products.
Impacted products: F-Secure AV, GroupShield, McAfee Security for Email Servers, VirusScan, Norton Antivirus, Norton Internet Security, Symantec AV.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 28/10/2009.
Identifiers: BID-36848, BID-36876, CERTA-2009-AVI-172, CVE-2009-1348, FSC-2009-3, G-SEC 47-2009, G-SEC 48-2009, G-SEC 49-2009, SB10003, VIGILANCE-VUL-9133.

Description of the vulnerability

A PDF document can be specially constructed so that it is read by Adobe Reader, but is not recognized by antivirus software. An attacker can create such a document, and thus bypass the products of three vendors.

A malicious PDF document is not detected by Symantec and Norton products. [severity:2/4; G-SEC 47-2009]

A malicious PDF document is not detected by F-Secure products. [severity:2/4; BID-36876, FSC-2009-3, G-SEC 48-2009]

A malicious PDF document is not detected by McAfee products. A malicious TAR archive is also not detected by McAfee products. [severity:2/4; BID-36848, CERTA-2009-AVI-172, CVE-2009-1348, G-SEC 49-2009, SB10003]

An attacker can therefore create a malicious PDF document which is not detected by F-Secure, McAfee and Symantec products.

vulnerability announce CVE-2009-3104

Symantec, Norton AV: denial of service

Synthesis of the vulnerability

An attacker can send a malicious email, in order to prevent the victim from reading his other emails.
Impacted products: Norton Antivirus, Norton Internet Security, Symantec AV.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 28/08/2009.
Identifiers: BID-34670, CVE-2009-3104, SYM09-012, VIGILANCE-VUL-8982.

Description of the vulnerability

The Norton AntiVirus, Norton Internet Security, Symantec AntiVirus Corporate Edition and Symantec Client Security products use the Internet Email Scanning feature to scan emails when they are downloaded from the mail server.

However, a malicious email generates an infinite loop in the analysis engine, and interrupts the session with the mail server. The victim then cannot download his emails.

An attacker can therefore send a malicious email, in order to prevent the victim from reading his other emails.

computer vulnerability announce 8797

Symantec Antivirus: bypassing via RAR TAR ZIP

Synthesis of the vulnerability

An attacker can create a RAR/TAR/ZIP archive containing a virus which is not detected by Symantec.
Impacted products: Norton Antivirus, Norton Internet Security, Symantec AV.
Severity: 2/4.
Consequences: data flow.
Provenance: document.
Creation date: 15/06/2009.
Identifiers: BID-35354, SYM09-009, VIGILANCE-VUL-8797.

Description of the vulnerability

Symantec products detect viruses contained in RAR/TAR/ZIP archives.

However, an attacker can create a slightly malformed archive, which can still be opened by Unrar/Untar/Unzip tools, but which cannot be opened by the antivirus.

An attacker can therefore create a RAR/TAR/ZIP archive containing a virus which is not detected by Symantec products.