CVE-2012-0304

Published Jun 22, 2012

Last updated 12 years ago

CVSS info 6.9

Overview

Description: Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1505ECD5-80C7-4EB1-9D6C-17411903A9EE",
            "versionEndIncluding": "2.3.0"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:1.5.3.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C9985F5-22BB-414B-99D9-DF54D679795F"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:1.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A292D63-35E1-453C-8E67-14E069A5C799"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:1.5.7.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F3F5745-4BBB-4A0D-B071-807A7D2AD2D4"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C6436A5-ED76-4A14-B0B7-F34ED9A103B4"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B411C8E3-5C1E-4C05-85EB-27EDDF1BEEF3"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4DA63E2-6474-4DFC-B3D8-74164227385D"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20DC932C-BD80-43C0-A3F8-DC65F0EE1FFE"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C2DE1CE-8A1D-4BEB-86A2-EF5501789A97"
          },
          {
            "criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.2.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6810DD57-BF79-4F38-81C5-8F2B69577E35"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References