1. CVE-Search
  2. CVE-2006-1836
ID CVE-2006-1836
Summary Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*
    cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*
CVSS
Base: 6.8 (as of 18-10-2018 - 16:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:S/C:C/I:C/A:C
refmap via4
bid 17571
bugtraq 20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation
confirm http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html
sectrack 1015953
secunia 19682
sreason 100
vupen ADV-2006-1386
xf liveupdate-exepath-env-privilege-escalation(25839)
Last major update 18-10-2018 - 16:36
Published 19-04-2006 - 16:06
Last modified 18-10-2018 - 16:36
Back to Top