CVE-2006-1836

Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.

Published: Apr 19, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1836
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:L/AC:L/Au:S/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
symantec / liveupdate	3.5	3.5.x
symantec / norton_antivirus	9.0.0	9.0.0.x
symantec / norton_antivirus	9.0.2	9.0.2.x
symantec / norton_antivirus	10.0.0	10.0.0.x
symantec / norton_antivirus	9.0.3	9.0.3.x
symantec / norton_antivirus	10.0.1	10.0.1.x
symantec / norton_personal_firewall	3.1	3.1.x
symantec / norton_personal_firewall	3.0	3.0.x
symantec / norton_system_works	3.0	3.0.x
symantec / liveupdate	3.0	3.0.x
symantec / liveupdate	3.0.3	3.0.3.x
symantec / norton_antivirus	10.0	10.0.x
symantec / liveupdate	3.0.1	3.0.1.x
symantec / norton_utilities	8.0	8.0.x
symantec / norton_antivirus	10.9.1	10.9.1.x
symantec / norton_antivirus	9.0.1	9.0.1.x
symantec / norton_internet_security	3.0	3.0.x
symantec / liveupdate	3.0.2	3.0.2.x

Vulnerability Database

289,697

CVE-2006-1836