vendor:
Symantec AntiVirus
by:
Zohiartze Herce
7.5
CVSS
HIGH
Local Privilege Escalation
269
CWE
Product Name: Symantec AntiVirus
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE:
CPE: a:symantec:antivirus
Platforms Tested: Windows
2007
Symantec AntiVirus symtdi.sys Local Privilege Escalation
This exploit targets a vulnerability in the symtdi.sys driver of Symantec AntiVirus. By sending specially crafted input to the driver, an attacker can escalate their privileges on the affected system. This vulnerability allows an attacker with limited privileges to execute arbitrary code with kernel-level privileges, potentially gaining full control of the system. This exploit was published on milw0rm.com on July 12, 2007.
Mitigation:
Symantec has released a patch to address this vulnerability. Users are advised to update their Symantec AntiVirus software to the latest version available. Additionally, it is recommended to apply other security best practices such as keeping software and operating systems up to date, using strong passwords, and implementing least privilege principles.