{"containers": {"cna": {"affected": [{"product": "Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360", "vendor": "Symantec", "versions": [{"status": "affected", "version": "before 22.7"}]}, {"product": "Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client", "vendor": "Symantec", "versions": [{"status": "affected", "version": "before 22.8.0.50"}]}], "datePublic": "2016-08-11T00:00:00", "descriptions": [{"lang": "en", "value": "A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges."}], "problemTypes": [{"descriptions": [{"description": "untrusted search path", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-09T19:30:52", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/bid/94295"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securitytracker.com/id/1037323"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securitytracker.com/id/1037324"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securitytracker.com/id/1037325"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "ID": "CVE-2016-5311", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360", "version": {"version_data": [{"version_value": "before 22.7"}]}}, {"product_name": "Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client", "version": {"version_data": [{"version_value": "before 22.8.0.50"}]}}]}, "vendor_name": "Symantec"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "untrusted search path"}]}]}, "references": {"reference_data": [{"name": "http://www.securityfocus.com/bid/94295", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/94295"}, {"name": "http://www.securitytracker.com/id/1037323", "refsource": "MISC", "url": "http://www.securitytracker.com/id/1037323"}, {"name": "http://www.securitytracker.com/id/1037324", "refsource": "MISC", "url": "http://www.securitytracker.com/id/1037324"}, {"name": "http://www.securitytracker.com/id/1037325", "refsource": "MISC", "url": "http://www.securitytracker.com/id/1037325"}, {"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00", "refsource": "CONFIRM", "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:00:58.618Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securityfocus.com/bid/94295"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securitytracker.com/id/1037323"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securitytracker.com/id/1037324"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securitytracker.com/id/1037325"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2016-5311", "datePublished": "2020-01-09T19:30:52", "dateReserved": "2016-06-06T00:00:00", "dateUpdated": "2024-08-06T01:00:58.618Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "99BAFC5B-CF3B-4B6E-A9FF-4426FB4F1C36", "versionEndExcluding": "22.8.0.50", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DB3235B-B116-477F-A615-CA4D725A4102", "versionEndExcluding": "22.8.0.50", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB28D86F-DCDE-4034-B166-B3932FB6830D", "versionEndExcluding": "22.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*", "matchCriteriaId": "2725D6BB-F411-4A0F-A68F-A40AE3D76F51", "versionEndExcluding": "22.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus_with_backup:*:*:*:*:*:*:*:*", "matchCriteriaId": "70D5D6E1-4E7C-44B9-8CC8-1B0EB5ADD462", "versionEndExcluding": "22.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_family:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFB88FB9-8802-4902-B430-4D4F77ECFB0A", "versionEndExcluding": "22.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "03C6560F-041D-4BDB-A857-359F22C93C60", "versionEndExcluding": "22.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "93566F86-6E3B-4C8F-8CA5-6C1662AEEDED", "versionEndExcluding": "22.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*", "matchCriteriaId": "53AAF3FD-F59A-4F2D-80E7-2D415C28431C", "versionEndExcluding": "22.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de escalada de privilegios en Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud y Endpoint Protection Cloud Client, debido a una precarga de DLL sin restricciones de ruta, que podr\u00eda permitir a un usuario malicioso local obtener privilegios system."}], "id": "CVE-2016-5311", "lastModified": "2024-11-21T02:54:04.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-09T20:15:11.163", "references": [{"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94295"}, {"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037323"}, {"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037324"}, {"source": "secure@symantec.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037325"}, {"source": "secure@symantec.com", "tags": ["Vendor Advisory"], "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94295"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037323"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037324"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}