VULHUB ™

Norton Antivirus CE (NAVCE) stores its configuration file in a plain text format. This file is stored in a folder that has full write permissions for all users of the system. An attacker within the required domain can exploit this vulnerability by connecting to the open NAVCE share and upload a maliciously constructed configuration file. Modifications of this file may result in client systems failing to obtain proper updates. Other attacks are also possible.

Norton Antivirus CE (NAVCE) stores its configuration file in a plain text format. This file is stored in a folder that has full write permissions for all users of the system. An attacker within the required domain can exploit this vulnerability by connecting to the open NAVCE share and upload a maliciously constructed configuration file. Modifications of this file may result in client systems failing to obtain proper updates. Other attacks are also possible.