Overview
Security analysts from Secure Network Operations notified Symantec of a potential issue with the NetDetect task that runs as a scheduled task as a part of Automatic LiveUpdate. If the system is configured as a multi-user system with privileged and non-privileged user access, a non-privileged user could potentially access and manipulate the Symantec Windows LiveUpdate GUI functionality to gain privileged system access.
NOTE: Neither of these potential issues could be used to deploy malware or result in remote access to a client system.
Affected Components
Symantec Windows LiveUpdate prior to v2.5
Symantec Norton SystemWorks 2001-2004
Symantec Norton AntiVirus and Pro 2001-2004
Symantec Norton Internet Security and Pro 2001-2004
Symantec AntiVirus for Handhelds Retail and Corporate Edition v3.0