Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-5311

A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.

Published

2020-01-09T20:15:11.163

Last Modified

2024-11-21T02:54:04.670

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.4

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-427
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application symantec endpoint_protection < 22.8.0.50 Yes
Application symantec endpoint_protection_cloud < 22.8.0.50 Yes
Application symantec norton_360 < 22.7 Yes
Application symantec norton_antivirus < 22.7 Yes
Application symantec norton_antivirus_with_backup < 22.7 Yes
Application symantec norton_family < 22.7 Yes
Application symantec norton_internet_security < 22.7 Yes
Application symantec norton_security < 22.7 Yes
Application symantec norton_security_with_backup < 22.7 Yes
References