-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Symantec AntiVirus and Symantec Client Security Elevation of Privilege September 13, 2006 Overview An elevation of privilege vulnerability in Symantec Client Security and Symantec AntiVirus Corporate Edition could potentially allow a local attacker to execute code with elevated privileges on the target machine. Affected Products Symantec AntiVirus Corporate Edition versions 10.0, 9.x, and 8.1 Symantec Client Security versions 3.0, 2.x, 1.x Unaffected Products Symantec AntiVirus Corporate Edition version 10.1 Symantec Client Security version 3.1 Norton product line Details Deral Heiland of Layered Defense notified Symantec of a format string vulnerability within Symantec AntiVirus Corporate Edition. If successfully exploited, the vulnerability could allow a local attacker to execute code with elevated privileges on the local system. In addition, Symantec engineers found a second format string vulnerability in the alert notification process. This issue could allow a local user to replace the alert notification message with a format string which could cause potentially cause the Real Time Virus Scan service to crash when the notification message is displayed following the detection of a malicious file. Symantec Response Symantec engineers have verified that these vulnerabilities exist in the product versions indicated, and have provided updates to address the issue. Please refer to our advisory for any updates on this vulnerablity: http://www.symantec.com/avcenter/security/Content/2006.09.13.html Symantec Product Security -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQEVAwUBRQ7x2By6+gFWHby+AQi3hwgAjJSJH5kmtrR/tknJQPetijsTPdjnOzr9 RckwDTCd4BQQfWgU4SBO6rerdhooEFQ0O2Th2VQ8kvaeuIf09wcrkOQB2x6IDdaQ PXXdSsXsntQo/lzOLxxqQZplYaNPLCfk4NNsvpIHRVgsHLRYJF0CrD2vT6HF35OM X864YzovNFT7Q0qTo0vmqxG58q+STXrR/+R3slKj6gj8xNsk3QMHU+Z7goOz9mKZ VahzH55qc83/Id1rzk01omrt3L25V+lDLoHT7QCnGNdjJkcygLluN/jPedqQiWfr a23G2k7bku1syK8zXq9o5OyyC9B+Th8C7pB9JmAUMC2dCZqmSbHFkg== =aga/ -----END PGP SIGNATURE-----