cvelistv5 - cve-2002-1540

CVE-2002-1540 (GCVE-0-2002-1540)

Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:26

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ
	http://www.osvdb.org/6258	vdb-entryx_refsource_OSVDB
	http://www.iss.net/security_center/static/10475.php	vdb-entryx_refsource_XF
	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:26:28.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20021025 RE:  DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html"
          },
          {
            "name": "6258",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6258"
          },
          {
            "name": "nav-winhlp32-gain-privileges(10475)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10475.php"
          },
          {
            "name": "20021024 DH team: Norton Antivirus Corporate Edition Privilege Escalation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-10-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-08-18T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20021025 RE:  DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html"
        },
        {
          "name": "6258",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6258"
        },
        {
          "name": "nav-winhlp32-gain-privileges(10475)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10475.php"
        },
        {
          "name": "20021024 DH team: Norton Antivirus Corporate Edition Privilege Escalation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20021025 RE:  DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html"
            },
            {
              "name": "6258",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6258"
            },
            {
              "name": "nav-winhlp32-gain-privileges(10475)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10475.php"
            },
            {
              "name": "20021024 DH team: Norton Antivirus Corporate Edition Privilege Escalation",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1540",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-02-25T00:00:00",
    "dateUpdated": "2024-08-08T03:26:28.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:corporate_7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0055CC22-AE2D-491F-B2D0-C105EC7B8E73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:corporate_7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62448809-BC4E-4F56-9531-3B756AA02BCE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:corporate_7.51:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B04C5A60-588C-418A-915E-3E8995A4DC25\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.\"}, {\"lang\": \"es\", \"value\": \"El cliente de Symantec Norton AntiVirus Corporate Edition 7.5.x anteriores a la 7.5.1 Build 62 y 7.6.x anteriores a la 7.6.1 Build 35a ejecutan winhlp32 con privilegios elevados, lo que permite a usuarios locales la obtenci\\u00f3n de privilegios utilizando ciertas caracter\\u00edsticas de winhlp32.\"}]",
      "id": "CVE-2002-1540",
      "lastModified": "2024-11-20T23:41:32.950",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2003-03-31T05:00:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.iss.net/security_center/static/10475.php\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/6258\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.iss.net/security_center/static/10475.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/6258\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2002-1540\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-03-31T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.\"},{\"lang\":\"es\",\"value\":\"El cliente de Symantec Norton AntiVirus Corporate Edition 7.5.x anteriores a la 7.5.1 Build 62 y 7.6.x anteriores a la 7.6.1 Build 35a ejecutan winhlp32 con privilegios elevados, lo que permite a usuarios locales la obtenci\u00f3n de privilegios utilizando ciertas caracter\u00edsticas de winhlp32.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:corporate_7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0055CC22-AE2D-491F-B2D0-C105EC7B8E73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:corporate_7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62448809-BC4E-4F56-9531-3B756AA02BCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:corporate_7.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B04C5A60-588C-418A-915E-3E8995A4DC25\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.iss.net/security_center/static/10475.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/6258\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.iss.net/security_center/static/10475.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/6258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200303-0032

Vulnerability from variot - Updated: 2023-12-18 11:43

The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32. Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system. Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system. This issue may occur in applications or services where the Help function is not called in a secure manner. An example of this is when Anti-virus software or a personal firewall is running on the local system with the privileges of an administrator on the local system, and has an interface to "communicate" with the user. ISIHARA Takanori reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user may gain unauthorized access to resources on the system

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200303-0032",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "corporate_7.5"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "corporate_7.6"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "corporate_7.51"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "corporate edition prior to 7.5.1 build 62"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "corporate edition prior to 7.6.1 build 35a"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "corporate edition 9.0.1 upgrade to mr3 or later"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "corporate edition 9.0.2 upgrade to mr3 or later"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "edition 9.0 upgrade to mr3 or later"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "2.0 upgrade to mr3 or later"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "2.0.1 upgrade to mr3 or later"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "2.0.2 upgrade to mr3 or later"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000026"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-085"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:corporate_7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:corporate_7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:corporate_7.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-1540"
      }
    ]
  },
  "cve": "CVE-2002-1540",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2011-000026",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-5925",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2002-1540",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2011-000026",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200303-085",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-5925",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000026"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-085"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32. Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system. Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system. This issue may occur in applications or services where the Help function is not called in a secure manner. An example of this is when Anti-virus software or a personal firewall is running on the local system with the privileges of an administrator on the local system, and has an interface to \"communicate\" with the user. ISIHARA Takanori reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user may gain unauthorized access to resources on the system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-1540"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000026"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5925"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2002-1540",
        "trust": 2.5
      },
      {
        "db": "OSVDB",
        "id": "6258",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVN63898867",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000026",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20021025 RE: DH TEAM: NORTON ANTIVIRUS CORPORATE EDITION PRIVILEGE ESCALATION, HTTP://ONLINE.SECURITYFOCUS.COM/ARCHIVE/1/296979/2002-10-22/2002-10-28/0",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20021024 DH TEAM: NORTON ANTIVIRUS CORPORATE EDITION PRIVILEGE ESCALATION",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "32",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-085",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-5925",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000026"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-085"
      }
    ]
  },
  "id": "VAR-200303-0032",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5925"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:43:34.599000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security, services and the interactive desktop in Windows",
        "trust": 0.8,
        "url": "http://support.microsoft.com/kb/327618/en-us"
      },
      {
        "title": "SYM05-012 ",
        "trust": 0.8,
        "url": "http://www.symantec.com/avcenter/security/content/2005.08.24.html"
      },
      {
        "title": "October 15, 2002 Symantec Norton AntiVirus Corporate Edition 7.x Help File Elevation of Privilege",
        "trust": 0.8,
        "url": "http://www.symantec.com/avcenter/security/content/2002.10.15.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000026"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000026"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1540"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/6258"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/security_center/static/10475.php"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1540"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2017"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/en/jp/jvn63898867"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-1540"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-2017"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000026"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-085"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-5925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000026"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-085"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-03-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5925"
      },
      {
        "date": "2011-05-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-000026"
      },
      {
        "date": "2003-03-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2002-1540"
      },
      {
        "date": "2003-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200303-085"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5925"
      },
      {
        "date": "2011-05-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-000026"
      },
      {
        "date": "2008-09-10T19:14:51.070000",
        "db": "NVD",
        "id": "CVE-2002-1540"
      },
      {
        "date": "2006-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200303-085"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-085"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Applications that use the Windows Help function may be vulnerable to privilege escalation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-000026"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200303-085"
      }
    ],
    "trust": 0.6
  }
}

GSD-2002-1540

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2002-1540

Aliases

CVE-2002-1540

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2002-1540",
    "description": "The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.",
    "id": "GSD-2002-1540"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2002-1540"
      ],
      "details": "The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.",
      "id": "GSD-2002-1540",
      "modified": "2023-12-13T01:24:09.571352Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2002-1540",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20021025 RE:  DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html"
          },
          {
            "name": "6258",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/6258"
          },
          {
            "name": "nav-winhlp32-gain-privileges(10475)",
            "refsource": "XF",
            "url": "http://www.iss.net/security_center/static/10475.php"
          },
          {
            "name": "20021024 DH team: Norton Antivirus Corporate Edition Privilege Escalation",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:corporate_7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:corporate_7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:corporate_7.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1540"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "nav-winhlp32-gain-privileges(10475)",
              "refsource": "XF",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.iss.net/security_center/static/10475.php"
            },
            {
              "name": "20021024 DH team: Norton Antivirus Corporate Edition Privilege Escalation",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html"
            },
            {
              "name": "20021025 RE:  DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html"
            },
            {
              "name": "6258",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/6258"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2008-09-10T19:14Z",
      "publishedDate": "2003-03-31T05:00Z"
    }
  }
}

GHSA-9R86-74VM-R67J

Vulnerability from github – Published: 2022-04-30 18:21 – Updated: 2022-04-30 18:21

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2002-1540"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-03-31T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.",
  "id": "GHSA-9r86-74vm-r67j",
  "modified": "2022-04-30T18:21:24Z",
  "published": "2022-04-30T18:21:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1540"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/10475.php"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/6258"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

JVNDB-2011-000026

Vulnerability from jvndb - Published: 2011-05-13 19:36 - Updated:2011-05-13 19:36

Severity ?

() - -

Summary

Applications that use the Windows Help function may be vulnerable to privilege escalation

Details

Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system. Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system. This issue may occur in applications or services where the Help function is not called in a secure manner. An example of this is when Anti-virus software or a personal firewall is running on the local system with the privileges of an administrator on the local system, and has an interface to "communicate" with the user. ISIHARA Takanori reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN63898867
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1540
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2017
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1540
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2017
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Symantec Corporation	Symantec AntiVirus
	Symantec Corporation	Norton AntiVirus
	Symantec Corporation	Symantec Client Security

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000026.html",
  "dc:date": "2011-05-13T19:36+09:00",
  "dcterms:issued": "2011-05-13T19:36+09:00",
  "dcterms:modified": "2011-05-13T19:36+09:00",
  "description": "Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system.\r\n\r\nApplications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system.\r\n\r\nThis issue may occur in applications or services where the Help function is not called in a secure manner. An example of this is when Anti-virus software or a personal firewall is running on the local system with the privileges of an administrator on the local system, and has an interface to \"communicate\" with the user.\r\n\r\nISIHARA Takanori reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000026.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:symantec:antivirus",
      "@product": "Symantec AntiVirus",
      "@vendor": "Symantec Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:symantec:norton_antivirus",
      "@product": "Norton AntiVirus",
      "@vendor": "Symantec Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:symantec:symantec_client_security",
      "@product": "Symantec Client Security",
      "@vendor": "Symantec Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.2",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-000026",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN63898867",
      "@id": "JVN#63898867",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1540",
      "@id": "CVE-2002-1540",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2017",
      "@id": "CVE-2005-2017",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1540",
      "@id": "CVE-2002-1540",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2017",
      "@id": "CVE-2005-2017",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Applications that use the Windows Help function may be vulnerable to privilege escalation"
}

FKIE_CVE-2002-1540

Vulnerability from fkie_nvd - Published: 2003-03-31 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html
cve@mitre.org	http://www.iss.net/security_center/static/10475.php	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/6258
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/10475.php	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/6258

Impacted products

Vendor	Product	Version
symantec	norton_antivirus	corporate_7.5
symantec	norton_antivirus	corporate_7.6
symantec	norton_antivirus	corporate_7.51

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:corporate_7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0055CC22-AE2D-491F-B2D0-C105EC7B8E73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:corporate_7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "62448809-BC4E-4F56-9531-3B756AA02BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:corporate_7.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "B04C5A60-588C-418A-915E-3E8995A4DC25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32."
    },
    {
      "lang": "es",
      "value": "El cliente de Symantec Norton AntiVirus Corporate Edition 7.5.x anteriores a la 7.5.1 Build 62 y 7.6.x anteriores a la 7.6.1 Build 35a ejecutan winhlp32 con privilegios elevados, lo que permite a usuarios locales la obtenci\u00f3n de privilegios utilizando ciertas caracter\u00edsticas de winhlp32."
    }
  ],
  "id": "CVE-2002-1540",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10475.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/6258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10475.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/6258"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2002-1540 (GCVE-0-2002-1540)

VAR-200303-0032

GSD-2002-1540

GHSA-9R86-74VM-R67J

JVNDB-2011-000026

FKIE_CVE-2002-1540

Tags

Sightings

Nomenclature