Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Symantec AntiVirus 格式串处理漏洞
Vulnerability Description
Symantec AntiVirus是非常流行的杀毒解决方案。 Symantec AntiVirus企业版允许在发现病毒或触发了Tamper Protection功能的时候自定义所显示的警告通知消息。警告通知进程没有正确的验证用户生成的输入,本地攻击者用可能访问进程栈的特制格式串替换Tamper Protection和Virus Alert Notification消息。成功攻击允许攻击者以提升的权限执行攻击者所选择的代码。 此外,警告通知进程中还存在另一个格式串漏洞,本地用户使用格式串替换警告通知消息,
CVSS Information
N/A
Vulnerability Type
N/A