cvelistv5 - cve-2003-0994

cve-2003-0994

Vulnerability from cvelistv5

Published

2004-09-01 04:00

Modified

2024-08-08 02:12

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
	cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
	cve@mitre.org	http://marc.info/?l=bugtraq&m=107393473928245&w=2
	cve@mitre.org	http://www.osvdb.org/3428
	cve@mitre.org	http://www.secnetops.biz/research/SRT2004-01-09-1022.txt
	af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=107393473928245&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/3428
	af854a3a-2127-422b-91ae-364da2661108	http://www.secnetops.biz/research/SRT2004-01-09-1022.txt

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:12:35.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3428",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3428"
          },
          {
            "name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
          },
          {
            "name": "20040112 Re:   SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
          },
          {
            "name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-01-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-11-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3428",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3428"
        },
        {
          "name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
        },
        {
          "name": "20040112 Re:   SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
        },
        {
          "name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0994",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3428",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3428"
            },
            {
              "name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
            },
            {
              "name": "20040112 Re:   SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
            },
            {
              "name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
              "refsource": "BUGTRAQ",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
            },
            {
              "name": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt",
              "refsource": "MISC",
              "url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0994",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-12-16T00:00:00",
    "dateUpdated": "2024-08-08T02:12:35.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:2.1:*:ms_exchange:*:*:*:*:*\", \"matchCriteriaId\": \"A9415109-C554-40F6-851E-CC016951BDF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:2001:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19595AF4-8C85-4646-B42B-4B5863798AB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:2001:*:pro:*:*:*:*:*\", \"matchCriteriaId\": \"532CF7E7-2F8A-4AC2-91F4-C8D35B8943EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F6F3B3C-7C60-4A38-91F0-E09148DB4FD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:2002:*:pro:*:*:*:*:*\", \"matchCriteriaId\": \"BFFF5F92-2CB6-4155-91AA-B80476509376\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34B1D862-2CB4-4D50-9BBA-0507FEAA1924\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:2003:*:pro:*:*:*:*:*\", \"matchCriteriaId\": \"C1538C84-EB7B-407C-9B05-27B9B0A10F16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:2004:*:pro:*:*:*:*:*\", \"matchCriteriaId\": \"486AF3E7-B5EC-49D2-9822-0F8E152DEDCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:v3.0:*:handhelds:*:*:*:*:*\", \"matchCriteriaId\": \"7980AED6-1CB7-46C0-AD67-238B4A18060B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:2001:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D2C8E23-852E-4715-9D8D-18F26B1263A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:2001:*:pro:*:*:*:*:*\", \"matchCriteriaId\": \"DBF82809-CE59-4B2A-89C0-FB1AF760704E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F05FEBA2-33E8-4074-8B57-4FE6FFEF2F32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*\", \"matchCriteriaId\": \"A5FA0458-AB41-495E-B41F-C18B4E6876CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEF97C5F-3A80-4973-85FD-5BCE43B32AD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*\", \"matchCriteriaId\": \"1F0BF645-7C56-4ED6-91C0-AE4CFAB62EE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*\", \"matchCriteriaId\": \"D7875372-44D7-47AB-8F8C-4A3AB98FB3B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_system_works:2001:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B37463FB-DA25-43F4-BB92-50354DF5A8C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_system_works:2002:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BCEEC08-41F6-423A-B845-541227B64CD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_system_works:2003:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4C31257-E62D-495D-9F7B-09D234B7BF64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F589D9AA-FD1B-4929-93DC-801C36087E64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:windows_liveupdate:1.70.x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6118EFBA-C50B-4790-B301-5B996F759105\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:windows_liveupdate:1.90.x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"247F0A9D-E8E4-484A-99AA-4368B84F702B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.\"}, {\"lang\": \"es\", \"value\": \"La funcionalidad gui para una sesi\\u00f3n interactiva en ymantec LiveUpdate 1.70.x hasta la 1.90.x (usadas en Norton Internet Security 2001 hasta 2004, SystemWorks 2001 hasta 2004, y AntiVirus y Norton AntiVirus Pro 2001 hasta 2004, AntiVirus for Handhelds v3.0) permite que usuarios locales obtengan privilegios SYSTEM.\"}]",
      "id": "CVE-2003-0994",
      "lastModified": "2024-11-20T23:46:06.357",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2004-02-03T05:00:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/3428\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.secnetops.biz/research/SRT2004-01-09-1022.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/3428\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.secnetops.biz/research/SRT2004-01-09-1022.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0994\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-02-03T05:00:00.000\",\"lastModified\":\"2024-11-20T23:46:06.357\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.\"},{\"lang\":\"es\",\"value\":\"La funcionalidad gui para una sesi\u00f3n interactiva en ymantec LiveUpdate 1.70.x hasta la 1.90.x (usadas en Norton Internet Security 2001 hasta 2004, SystemWorks 2001 hasta 2004, y AntiVirus y Norton AntiVirus Pro 2001 hasta 2004, AntiVirus for Handhelds v3.0) permite que usuarios locales obtengan privilegios SYSTEM.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2.1:*:ms_exchange:*:*:*:*:*\",\"matchCriteriaId\":\"A9415109-C554-40F6-851E-CC016951BDF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2001:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19595AF4-8C85-4646-B42B-4B5863798AB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2001:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"532CF7E7-2F8A-4AC2-91F4-C8D35B8943EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F6F3B3C-7C60-4A38-91F0-E09148DB4FD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2002:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"BFFF5F92-2CB6-4155-91AA-B80476509376\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34B1D862-2CB4-4D50-9BBA-0507FEAA1924\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2003:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"C1538C84-EB7B-407C-9B05-27B9B0A10F16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2004:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"486AF3E7-B5EC-49D2-9822-0F8E152DEDCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:v3.0:*:handhelds:*:*:*:*:*\",\"matchCriteriaId\":\"7980AED6-1CB7-46C0-AD67-238B4A18060B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2001:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D2C8E23-852E-4715-9D8D-18F26B1263A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2001:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"DBF82809-CE59-4B2A-89C0-FB1AF760704E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F05FEBA2-33E8-4074-8B57-4FE6FFEF2F32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"A5FA0458-AB41-495E-B41F-C18B4E6876CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEF97C5F-3A80-4973-85FD-5BCE43B32AD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"1F0BF645-7C56-4ED6-91C0-AE4CFAB62EE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*\",\"matchCriteriaId\":\"D7875372-44D7-47AB-8F8C-4A3AB98FB3B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_system_works:2001:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B37463FB-DA25-43F4-BB92-50354DF5A8C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_system_works:2002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BCEEC08-41F6-423A-B845-541227B64CD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_system_works:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4C31257-E62D-495D-9F7B-09D234B7BF64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F589D9AA-FD1B-4929-93DC-801C36087E64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:windows_liveupdate:1.70.x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6118EFBA-C50B-4790-B301-5B996F759105\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:windows_liveupdate:1.90.x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"247F0A9D-E8E4-484A-99AA-4368B84F702B\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/3428\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.secnetops.biz/research/SRT2004-01-09-1022.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/3428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.secnetops.biz/research/SRT2004-01-09-1022.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-vm8p-pj64-59hv

Vulnerability from github

Published

2022-04-29 01:27

Modified

2022-04-29 01:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0994"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-02-03T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.",
  "id": "GHSA-vm8p-pj64-59hv",
  "modified": "2022-04-29T01:27:19Z",
  "published": "2022-04-29T01:27:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0994"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/3428"
    },
    {
      "type": "WEB",
      "url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2003-0994

Vulnerability from fkie_nvd

Published

2004-02-03 05:00

Modified

2024-11-20 23:46

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
	cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
	cve@mitre.org	http://marc.info/?l=bugtraq&m=107393473928245&w=2
	cve@mitre.org	http://www.osvdb.org/3428
	cve@mitre.org	http://www.secnetops.biz/research/SRT2004-01-09-1022.txt
	af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=107393473928245&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/3428
	af854a3a-2127-422b-91ae-364da2661108	http://www.secnetops.biz/research/SRT2004-01-09-1022.txt

Impacted products

Vendor	Product	Version
symantec	norton_antivirus	2.1
symantec	norton_antivirus	2001
symantec	norton_antivirus	2001
symantec	norton_antivirus	2002
symantec	norton_antivirus	2002
symantec	norton_antivirus	2003
symantec	norton_antivirus	2003
symantec	norton_antivirus	2004
symantec	norton_antivirus	v3.0
symantec	norton_internet_security	2001
symantec	norton_internet_security	2001
symantec	norton_internet_security	2002
symantec	norton_internet_security	2002
symantec	norton_internet_security	2003
symantec	norton_internet_security	2003
symantec	norton_internet_security	2004
symantec	norton_internet_security	2004
symantec	norton_system_works	2001
symantec	norton_system_works	2002
symantec	norton_system_works	2003
symantec	norton_system_works	2004
symantec	windows_liveupdate	1.70.x
symantec	windows_liveupdate	1.90.x

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:2.1:*:ms_exchange:*:*:*:*:*",
              "matchCriteriaId": "A9415109-C554-40F6-851E-CC016951BDF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:2001:*:*:*:*:*:*:*",
              "matchCriteriaId": "19595AF4-8C85-4646-B42B-4B5863798AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:2001:*:pro:*:*:*:*:*",
              "matchCriteriaId": "532CF7E7-2F8A-4AC2-91F4-C8D35B8943EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6F3B3C-7C60-4A38-91F0-E09148DB4FD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:2002:*:pro:*:*:*:*:*",
              "matchCriteriaId": "BFFF5F92-2CB6-4155-91AA-B80476509376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B1D862-2CB4-4D50-9BBA-0507FEAA1924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:2003:*:pro:*:*:*:*:*",
              "matchCriteriaId": "C1538C84-EB7B-407C-9B05-27B9B0A10F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:2004:*:pro:*:*:*:*:*",
              "matchCriteriaId": "486AF3E7-B5EC-49D2-9822-0F8E152DEDCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:v3.0:*:handhelds:*:*:*:*:*",
              "matchCriteriaId": "7980AED6-1CB7-46C0-AD67-238B4A18060B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:2001:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D2C8E23-852E-4715-9D8D-18F26B1263A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:2001:*:pro:*:*:*:*:*",
              "matchCriteriaId": "DBF82809-CE59-4B2A-89C0-FB1AF760704E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "F05FEBA2-33E8-4074-8B57-4FE6FFEF2F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*",
              "matchCriteriaId": "A5FA0458-AB41-495E-B41F-C18B4E6876CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEF97C5F-3A80-4973-85FD-5BCE43B32AD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*",
              "matchCriteriaId": "1F0BF645-7C56-4ED6-91C0-AE4CFAB62EE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*",
              "matchCriteriaId": "D7875372-44D7-47AB-8F8C-4A3AB98FB3B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_system_works:2001:*:*:*:*:*:*:*",
              "matchCriteriaId": "B37463FB-DA25-43F4-BB92-50354DF5A8C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_system_works:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BCEEC08-41F6-423A-B845-541227B64CD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_system_works:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4C31257-E62D-495D-9F7B-09D234B7BF64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "F589D9AA-FD1B-4929-93DC-801C36087E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:windows_liveupdate:1.70.x:*:*:*:*:*:*:*",
              "matchCriteriaId": "6118EFBA-C50B-4790-B301-5B996F759105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:windows_liveupdate:1.90.x:*:*:*:*:*:*:*",
              "matchCriteriaId": "247F0A9D-E8E4-484A-99AA-4368B84F702B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges."
    },
    {
      "lang": "es",
      "value": "La funcionalidad gui para una sesi\u00f3n interactiva en ymantec LiveUpdate 1.70.x hasta la 1.90.x (usadas en Norton Internet Security 2001 hasta 2004, SystemWorks 2001 hasta 2004, y AntiVirus y Norton AntiVirus Pro 2001 hasta 2004, AntiVirus for Handhelds v3.0) permite que usuarios locales obtengan privilegios SYSTEM."
    }
  ],
  "id": "CVE-2003-0994",
  "lastModified": "2024-11-20T23:46:06.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-02-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3428"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges. Symantec LiveUpdate has been reported prone to a local privilege escalation vulnerability. This issue presents itself when a LiveUpdate interactive session is created. The privileges of the process, if different from the user, are not lowered. This may allow a local attacker to employ the vulnerable LiveUpdate component to spawn arbitrary executables with the privileges of the LiveUpdate process. Symantec LiveUpdate is a program used by a large number of Symantec application systems for automatic upgrades. When a non-privileged user logs in, a small window of \"there are Live Updates available, click here to run LiveUpdate\" will be displayed in the Windows task bar. If you click to run online automatic update, you will find LUALL.exe and LUCOMS~1 The .exe will run under the context of the user SYSTEM, click the Help button, and a \"LiveUpdate Help\" window will appear, click the file and open it, browse c:\windows\system32, and then you can run the cmd.exe program with SYSTEM permissions. Secure Network Operations, Inc. http://www.secnetops.com/research Strategic Reconnaissance Team research[at]secnetops[.]com Team Lead Contact kf[at]secnetops[.]com Spam Contact rm -rf /@snosoft.com

Our Mission:

Secure Network Operations offers expertise in Networking, Intrusion Detection Systems (IDS), Software Security Validation, and Corporate/Private Network Security. Our mission is to facilitate a secure and reliable Internet and inter-enterprise communications infrastructure through the products and services we offer.

Basic Explanation

High Level Description : LiveUpdate allows local users to become SYSTEM What to do : run LiveUpdate and apply latest patches.

Basic Technical Details

Proof Of Concept Status : SNO has proof of concept.

Low Level Description : Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and email filtering, and remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 36 countries.

Symantec's Norton Internet Security 2004 provides essential protection from viruses, hackers, and privacy threats. This issue is similar to the issues that were uncovered in the Windows Help API by both Brett Moore and our SRT team in late 2003.

Full details available at: http://www.secnetops.biz/research/SRT2004-01-09-1022.txt and http://www.secnetops.biz/research/SRT2004-01-09-1022.jpg

Vendor Status : Symantec promptly attended to the issue and was very responsive during all phases of discovery / research and patching. Fixes are now available via LiveUpdate.

Bugtraq URL : To be assigned. CVE candidate CAN-2003-0994. Disclaimer

This advisory was released by Secure Network Operations,Inc. as a matter of notification to help administrators protect their networks against the described vulnerability. Exploit source code is no longer released in our advisories but can be obtained under contract.. Contact our sales department at sales[at]secnetops[.]com for further information on how to obtain proof of concept code.

Secure Network Operations, Inc. || http://www.secnetops.com "Embracing the future of technology, protecting you."

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200402-0066",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "2004"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "2001"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "2.1"
      },
      {
        "model": "norton system works",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "2001"
      },
      {
        "model": "windows liveupdate",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "1.70.x"
      },
      {
        "model": "norton system works",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "2003"
      },
      {
        "model": "windows liveupdate",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "1.90.x"
      },
      {
        "model": "norton system works",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "2002"
      },
      {
        "model": "norton system works",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "2004"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "2003"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "2004"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2003"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2001"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2002"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2002"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "v3.0"
      },
      {
        "model": "norton systemworks professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2004"
      },
      {
        "model": "norton systemworks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2004"
      },
      {
        "model": "norton systemworks professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2003"
      },
      {
        "model": "norton systemworks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2003"
      },
      {
        "model": "norton systemworks professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2002"
      },
      {
        "model": "norton systemworks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2002"
      },
      {
        "model": "norton systemworks professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2001"
      },
      {
        "model": "norton systemworks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2001"
      },
      {
        "model": "norton internet security professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2004"
      },
      {
        "model": "norton internet security professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2003"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20036.0.4.34"
      },
      {
        "model": "norton internet security professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20020"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20020"
      },
      {
        "model": "norton internet security professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2001"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20010"
      },
      {
        "model": "norton antivirus professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2004"
      },
      {
        "model": "norton antivirus professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2003"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20030"
      },
      {
        "model": "norton antivirus professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2002"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20020"
      },
      {
        "model": "norton antivirus professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2001"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20010"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.9"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.8"
      },
      {
        "model": "liveupdate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.7"
      },
      {
        "model": "antivirus for handhelds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.0.194"
      },
      {
        "model": "antivirus for handhelds",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "norton antivirus corporate edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "7.6"
      },
      {
        "model": "liveupdate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2.0"
      },
      {
        "model": "java liveupdate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "9401"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0994"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200402-002"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2001:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2002:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:windows_liveupdate:1.70.x:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:windows_liveupdate:1.90.x:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2.1:*:ms_exchange:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2001:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2002:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2003:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2004:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:v3.0:*:handhelds:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0994"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secure Network Operations\u203b research@secnetops.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200402-002"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0994",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-7819",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0994",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200402-002",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-7819",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7819"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0994"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200402-002"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges. Symantec LiveUpdate has been reported prone to a local privilege escalation vulnerability. This issue presents itself when a LiveUpdate interactive session is created. The privileges of the process, if different from the user, are not lowered. This may allow a local attacker to employ the vulnerable LiveUpdate component to spawn arbitrary executables with the privileges of the LiveUpdate process. Symantec LiveUpdate is a program used by a large number of Symantec application systems for automatic upgrades. When a non-privileged user logs in, a small window of \\\"there are Live Updates available, click here to run LiveUpdate\\\" will be displayed in the Windows task bar. If you click to run online automatic update, you will find LUALL.exe and LUCOMS~1 The .exe will run under the context of the user SYSTEM, click the Help button, and a \\\"LiveUpdate Help\\\" window will appear, click the file and open it, browse c:\\windows\\system32, and then you can run the cmd.exe program with SYSTEM permissions. Secure Network Operations, Inc.             http://www.secnetops.com/research\nStrategic Reconnaissance Team               research[at]secnetops[.]com\nTeam Lead Contact                           kf[at]secnetops[.]com\nSpam Contact\t\t\t\t    `rm -rf /`@snosoft.com\n\nOur Mission:\n************************************************************************\nSecure Network Operations offers expertise in Networking, Intrusion \nDetection Systems (IDS), Software Security Validation, and \nCorporate/Private Network Security. Our mission is to facilitate a \nsecure and reliable Internet and inter-enterprise communications \ninfrastructure through the products and services we offer. \n\n\nBasic Explanation\n************************************************************************\nHigh Level Description  : LiveUpdate allows local users to become SYSTEM\nWhat to do              : run LiveUpdate and apply latest patches. \n\n\nBasic Technical Details\n************************************************************************\nProof Of Concept Status : SNO has proof of concept. \n\nLow Level Description   : Symantec, the world leader in Internet security \ntechnology, provides a broad range of content and network security \nsoftware and appliance solutions to individuals, enterprises and service \nproviders. The company is a leading provider of client, gateway and server \nsecurity solutions for virus protection, firewall and virtual private \nnetwork, vulnerability management, intrusion detection, Internet content \nand email filtering, and remote management technologies and security \nservices to enterprises and service providers around the world. Symantec\u0027s \nNorton brand of consumer security products is a leader in worldwide retail \nsales and industry awards. Headquartered in Cupertino, Calif., Symantec \nhas worldwide operations in 36 countries. \n\nSymantec\u0027s Norton Internet Security 2004 provides essential protection \nfrom viruses, hackers, and privacy threats. This issue\nis similar to the issues that were uncovered in the Windows Help API by \nboth Brett Moore and our SRT team in late 2003. \n\nFull details available at:\nhttp://www.secnetops.biz/research/SRT2004-01-09-1022.txt and\nhttp://www.secnetops.biz/research/SRT2004-01-09-1022.jpg\n\nVendor Status           : Symantec promptly attended to the issue and \nwas very responsive during all phases of discovery / research and patching. \nFixes are now available via LiveUpdate. \n\nBugtraq URL             : To be assigned. CVE candidate CAN-2003-0994. \nDisclaimer\n----------------------------------------------------------------------\nThis advisory was released by Secure Network Operations,Inc. as a matter\nof notification to help administrators protect their networks against\nthe described vulnerability. Exploit source code is no longer released\nin our advisories but can be obtained under contract.. Contact our sales \ndepartment at sales[at]secnetops[.]com for further information on how to \nobtain proof of concept code. \n\n----------------------------------------------------------------------\nSecure Network Operations, Inc. || http://www.secnetops.com\n\"Embracing the future of technology, protecting you.\"\n\n\n \n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0994"
      },
      {
        "db": "BID",
        "id": "9401"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7819"
      },
      {
        "db": "PACKETSTORM",
        "id": "32501"
      }
    ],
    "trust": 1.35
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-7819",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7819"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2003-0994",
        "trust": 2.1
      },
      {
        "db": "OSVDB",
        "id": "3428",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200402-002",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20040112 RE: SRT2004-01-9-1022 - SYMANTEC LIVEUPDATE ALLOWS LOCAL USERS TO BECOME SYSTEM",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20040112 SRT2004-01-9-1022 - SYMANTEC LIVEUPDATE ALLOWS LOCAL USERS TO BECOME SYSTEM",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "9401",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "32501",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-7819",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7819"
      },
      {
        "db": "BID",
        "id": "9401"
      },
      {
        "db": "PACKETSTORM",
        "id": "32501"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0994"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200402-002"
      }
    ]
  },
  "id": "VAR-200402-0066",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7819"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:26:08.189000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0994"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.secnetops.biz/research/srt2004-01-09-1022.txt"
      },
      {
        "trust": 1.7,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-january/015510.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/3428"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=107393473928245\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/349782"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/349521"
      },
      {
        "trust": 0.1,
        "url": "http://www.secnetops.com,"
      },
      {
        "trust": 0.1,
        "url": "http://www.secnetops.com/research"
      },
      {
        "trust": 0.1,
        "url": "http://www.secnetops.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0994"
      },
      {
        "trust": 0.1,
        "url": "http://symantec.com/techsupp/files/lu/lu.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.secnetops.biz/research/srt2004-01-09-1022.jpg"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7819"
      },
      {
        "db": "BID",
        "id": "9401"
      },
      {
        "db": "PACKETSTORM",
        "id": "32501"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0994"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200402-002"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-7819"
      },
      {
        "db": "BID",
        "id": "9401"
      },
      {
        "db": "PACKETSTORM",
        "id": "32501"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0994"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200402-002"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-02-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7819"
      },
      {
        "date": "2004-01-12T00:00:00",
        "db": "BID",
        "id": "9401"
      },
      {
        "date": "2004-01-12T15:22:00",
        "db": "PACKETSTORM",
        "id": "32501"
      },
      {
        "date": "2004-02-03T05:00:00",
        "db": "NVD",
        "id": "CVE-2003-0994"
      },
      {
        "date": "2004-01-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200402-002"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7819"
      },
      {
        "date": "2009-07-12T00:56:00",
        "db": "BID",
        "id": "9401"
      },
      {
        "date": "2016-10-18T02:38:57.927000",
        "db": "NVD",
        "id": "CVE-2003-0994"
      },
      {
        "date": "2006-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200402-002"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "9401"
      },
      {
        "db": "PACKETSTORM",
        "id": "32501"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200402-002"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec LiveUpdate Local Privilege Escalation Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "9401"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200402-002"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access verification error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200402-002"
      }
    ],
    "trust": 0.6
  }
}

gsd-2003-0994

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2003-0994

Aliases

CVE-2003-0994

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0994",
    "description": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.",
    "id": "GSD-2003-0994"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0994"
      ],
      "details": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.",
      "id": "GSD-2003-0994",
      "modified": "2023-12-13T01:22:13.065100Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0994",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "3428",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/3428"
          },
          {
            "name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
          },
          {
            "name": "20040112 Re:   SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
          },
          {
            "name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
            "refsource": "BUGTRAQ",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
          },
          {
            "name": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt",
            "refsource": "MISC",
            "url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2001:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2002:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:windows_liveupdate:1.70.x:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:windows_liveupdate:1.90.x:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2.1:*:ms_exchange:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2001:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2002:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2003:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2004:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:v3.0:*:handhelds:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0994"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
            },
            {
              "name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
            },
            {
              "name": "3428",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/3428"
            },
            {
              "name": "20040112 Re:   SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-10-18T02:38Z",
      "publishedDate": "2004-02-03T05:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2003-0994

Vulnerability from cvelistv5

ghsa-vm8p-pj64-59hv

Vulnerability from github

cve-2003-0994

Vulnerability from fkie_nvd

var-200402-0066

Vulnerability from variot

gsd-2003-0994

Vulnerability from gsd

Tags

Sightings

Nomenclature