Symantec has issued an alert that a vulnerability in Symantec LiveUpdate can be exploited by malicious users to gain privileges on a vulnerable system.
"If the system is configured as a multi-user system with privileged and non-privileged user access, a non-privileged user could potentially access and manipulate the Symantec Automatic LiveUpdate GUI functionality to gain privileged system access.
Affected products:
Symantec Windows LiveUpdate 1.70.x through 1.90.x
Symantec Norton SystemWorks 2001-2004
Symantec Norton AntiVirus and Norton AntiVirus Pro 2001-2004
Symantec Norton Internet Security and Norton Internet Security Pro 2001-2004
Symantec AntiVirus for Handhelds v3.0
Read the bulletin at http://www.sarc.com/avcenter/security/Content/2004.01.12.html