CVE-2016-5311
Summary
| CVE | CVE-2016-5311 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-09 20:15:00 UTC |
| Updated | 2020-01-29 15:27:00 UTC |
| Description | A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. |
Risk And Classification
Problem Types: CWE-427
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Symantec | Endpoint Protection | All | All | All | All |
| Application | Symantec | Endpoint Protection | All | All | All | All |
| Application | Symantec | Endpoint Protection Cloud | All | All | All | All |
| Application | Symantec | Endpoint Protection Cloud | All | All | All | All |
| Application | Symantec | Norton 360 | All | All | All | All |
| Application | Symantec | Norton 360 | All | All | All | All |
| Application | Symantec | Norton Antivirus | All | All | All | All |
| Application | Symantec | Norton Antivirus | All | All | All | All |
| Application | Symantec | Norton Antivirus With Backup | All | All | All | All |
| Application | Symantec | Norton Antivirus With Backup | All | All | All | All |
| Application | Symantec | Norton Family | All | All | All | All |
| Application | Symantec | Norton Family | All | All | All | All |
| Application | Symantec | Norton Internet Security | All | All | All | All |
| Application | Symantec | Norton Internet Security | All | All | All | All |
| Application | Symantec | Norton Security | All | All | All | All |
| Application | Symantec | Norton Security | All | All | All | All |
| Application | Symantec | Norton Security With Backup | All | All | All | All |
| Application | Symantec | Norton Security With Backup | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple Symantec Products CVE-2016-5311 DLL Loading Local Privilege Escalation Vulnerability | MISC | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Norton Internet Security DLL Loading Error Lets Local Users Obtain System Privileges - SecurityTracker | MISC | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Security Advisories Relating to Symantec Products - Symantec Norton Client DLL Pre-Loading Uncontrolled Search Path Elevation of Privilege - 2016-11-17T15:09:19 PST | Symantec | CONFIRM | www.symantec.com | Vendor Advisory |
| Norton Anti-Virus DLL Loading Error Lets Local Users Obtain System Privileges - SecurityTracker | MISC | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Symantec Endpoint Protection DLL Loading Error Lets Local Users Obtain System Privileges - SecurityTracker | MISC | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.