CVE-2016-5311
HIGHSymantec Norton and Endpoint Protection < 22.8.0.50 - Privilege Escalation via DLL Preloading
Title source: llmDescription
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/94295
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securitytracker.com/id/1037323
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securitytracker.com/id/1037324
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securitytracker.com/id/1037325
Vendor Advisory x_refsource_confirm
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00
Scores
CVSS v3
7.8
EPSS
0.0027
EPSS Percentile
50.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (9)
symantec/endpoint_protection
< 22.8.0.50
symantec/endpoint_protection_cloud
< 22.8.0.50
symantec/norton_360
< 22.7
symantec/norton_antivirus
< 22.7
symantec/norton_antivirus_with_backup
< 22.7
symantec/norton_family
< 22.7
symantec/norton_internet_security
< 22.7
symantec/norton_security
< 22.7
symantec/norton_security_with_backup
< 22.7
Published
Jan 09, 2020
Tracked Since
Feb 18, 2026