CVE-2007-5829

CWE-2643 documents3 sources

Severity

6.0MEDIUM

EPSS

0.0%

top 84.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Norton Antivirus Symantec Norton Internet Security

Timeline

PublishedNov 5

Latest updateMay 1

Description

The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.5 | Impact: 10.0

Affected Packages2 packages

▶NVDsymantec/norton_antivirus6 versions+5

▶NVDsymantec/norton_internet_security3.0

🔴Vulnerability Details

GHSA

GHSA-h32x-cwv5-64xp: The Disk Mount scanner in Symantec AntiVirus for Macintosh 9↗2022-05-01

▶

CVEList

CVE-2007-5829: The Disk Mount scanner in Symantec AntiVirus for Macintosh 9↗2007-11-05

▶