CVE-2016-5311
moderate-risk
Published 2020-01-09
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.
Do I need to act?
-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (9)
Norton Antivirus With Backup
Norton Family
Affected Vendors
References (10)
Third Party Advisory
http://www.securityfocus.com/bid/94295
Third Party Advisory
http://www.securitytracker.com/id/1037323
Third Party Advisory
http://www.securitytracker.com/id/1037324
Third Party Advisory
http://www.securitytracker.com/id/1037325
Third Party Advisory
http://www.securityfocus.com/bid/94295
Third Party Advisory
http://www.securitytracker.com/id/1037323
Third Party Advisory
http://www.securitytracker.com/id/1037324
Third Party Advisory
http://www.securitytracker.com/id/1037325
40
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
1/34 · Minimal
Exposure
15/34 · Moderate