Symantec Antivirus Corporate 10.2 For Windows VistaSymantec AntiVirus Corporate Edition provides the ability to customize the alert notification message displayed when a virus is found or when the Tamper Protection function is triggered. The alert notification process does not properly validate the user-generated input. This could allow a local user to replace the Tamper Protection and Virus Alert Notification messages with a specially-crafted format string which could allow access to the process stack. If successfully exploited, this could allow the user to execute code of the attacker’s choice with elevated privileges, on the local system.In addition, Symantec engineers found a second format string vulnerability in the alert notification process. This issue could allow a local user to replace the alert notification message with a format string which could cause potentially cause the Real Time Virus Scan service to crash when the notification message is displayed following the detection of a malicious file.
No comments:
Post a Comment