漏洞标题
N/A
漏洞描述信息
**争议**
Windows上的Symantec LiveState 7.1代理允许本地用户通过停止shstart.exe进程并从系统托盘图标打开“Web自服务”,从而获取特权,这将打开具有高权限的浏览器窗口。请注意:有几种第三方研究人员注意到,终止shstart.exe可能需要管理员权限。如果是这样,则没有特权升级,这不是漏洞。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and open "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that administrator privileges may be necessary to terminate shstart.exe. If this is the case, then no privilege escalation occurs, and this is not a vulnerability
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Symantec LiveState Agent 'shstart.exe'进程安全权限提升漏洞
漏洞描述信息
** 争议 ** Symantec LiveState 7.1 Agent for Windows允许本地用户通过停止shstart.exe进程并从系统任务栏图标打开"Web Self-Service"(打开带有提升特权的浏览器窗口)来获取特权。 注:几个第三方研究者指出可能需要管理员特权来终止shstart.exe。 如果是这样,则不发生特权提升,这就不是漏洞。
CVSS信息
N/A
漏洞类别
授权问题