[原文]The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.
Symantec Norton Anti-Virus Corporate Edition winhlp32 Local Privilege Escalation
Local Access Required
Loss of Integrity
Norton AntiVirus contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when winhlp32 is launched with administrative privileges, allowing a malicious unprivileged user to execute commands with increased privileges. This flaw may lead to a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability.