Norton AntiVirus Unprivileged Auto-Protection Deactivation

Monday, October 18th, 2004
by Marc Erickson

Critical: Less critical Impact: Privilege escalation Where: Local system Solution Status: Unpatched

Software: Norton Internet Security 2004, Norton Internet Security 2004 Professional, Symantec Norton AntiVirus 2004

Description: Daniel Milisic has reported a vulnerability in Symantec Norton AntiVirus / Norton Internet Security, which can be exploited by malicious, local users to disable the auto-protection.

The vulnerability is caused due to an error in the auto-protection functionality when dealing with certain visual basic scripts. This can be exploited by a unprivileged user to force the auto-protection to be disabled for the current session.

This can further be exploited to e.g. download and execute malicious files which normally would be caught by the antivirus program.

The vulnerability has been confirmed on Norton Internet Security 2004. Other versions may also be affected.

Solution: Grant only trusted users access to the system or use another product.

What Do You Think?

Want to Start a Blog Here for Free?

Are you an expert in one subject or another? If your goal is to help others and dispense hard-earned information back to the community, stake a claim on your very own Lockergnome blog today! You can write about anything - no matter the topic. Sign-up to start blogging!

Science - Oct 10, 2008

University Professor Stresses Links Between US Navy Sonar And Whale Strandings

All Counterterrorism Programs That Collect And Mine Data Should Be Evaluated For Effectiveness
Friday, October 10, 2008
Sustainable Electricity Sources Remain Expensive
Thursday, October 9, 2008
Nanoscopic Screening Process To Speed Drug Discovery
Thursday, October 9, 2008
A Wireless Network Using Visible Light?
Thursday, October 9, 2008
New Blood Test For Down Syndrome
Wednesday, October 8, 2008

Health - Oct 8, 2008

UCI Study Shows How Fatty Foods Curb Hunger

Discovering Drugs, Biofuels In Tropical Seas
Wednesday, October 8, 2008
Students At Rice Learn How Vulnerable Electronic Voting Really Is
Tuesday, October 7, 2008
Using A Fan During Sleep Associated With Lower Risk Of SIDS
Tuesday, October 7, 2008
Customers’ Fixation On Minimum Payments Drives Up Credit Card Bills
Tuesday, October 7, 2008
Chumby
Monday, October 6, 2008

Energy - Oct 3, 2008

Scientists Explore Putting Electric Cars On A Two-Way Power Street

APA Letter To Bush: New Policy Limits Psychologist Involvement In Interrogations
Thursday, October 2, 2008
Sound & Vision Magazine
Thursday, October 2, 2008
Microvision RoV Wireless Laser Barcode Scanner
Thursday, October 2, 2008
Scientists Identify Gene That May Contribute To Improved Rice Yield
Thursday, October 2, 2008
6 Environmental Research Studies Reveal Critical Health Risks From Plastic
Thursday, October 2, 2008

Books, Science - Oct 1, 2008

Head First Physics

Nanotech And Synbio: Americans Don’t Know What’s Coming
Wednesday, October 1, 2008
Tenori-On
Wednesday, October 1, 2008
Could Cities Be The Solution To Climate Change?
Wednesday, October 1, 2008
Green Coffee-Growing Practices Buffer Climate-Change Impacts
Tuesday, September 30, 2008
Remember MST3K?
Tuesday, September 30, 2008

64 queries / 1.399 seconds.