CVE-2016-5311

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-5311
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.securityfocus.com/bid/94295 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037323 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037324 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037325 Third Party Advisory VDB Entry
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_protection_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_antivirus_with_backup:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_family:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2020-01-09 20:15

Updated : 2024-02-04 20:39

NVD link : CVE-2016-5311

Mitre link : CVE-2016-5311

CVE.ORG link : CVE-2016-5311

JSON object : View

Products Affected

symantec

  • norton_security
  • norton_security_with_backup
  • norton_family
  • norton_antivirus
  • endpoint_protection
  • norton_internet_security
  • norton_antivirus_with_backup
  • endpoint_protection_cloud
  • norton_360
CWE
CWE-427

Uncontrolled Search Path Element