CVE-2016-5311

Name: CVE-2016-5311
Creator: NVD / NIST
Published: 2020-01-09T20:15:11.163+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.71%

Last modified Jun 17, 2026

CVE-2016-5311 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.. EPSS estimates a 0.71% chance of exploitation in the next 30 days.

Description

A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

0.71%

49.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-427

Affected Software

Vendor	Product	Versions
Symantec	Endpoint Protection	< 22.8.0.50
Symantec	Endpoint Protection Cloud	< 22.8.0.50
Symantec	Norton 360	< 22.7
Symantec	Norton Antivirus	< 22.7
Symantec	Norton Antivirus With Backup	< 22.7
Symantec	Norton Family	< 22.7
Symantec	Norton Internet Security	< 22.7
Symantec	Norton Security	< 22.7
Symantec	Norton Security With Backup	< 22.7

References

http://www.securityfocus.com/bid/94295Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037323Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037324Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037325Third Party Advisory, VDB Entry
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00Vendor Advisory
http://www.securityfocus.com/bid/94295Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037323Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037324Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1037325Third Party Advisory, VDB Entry
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00Vendor Advisory

Timeline

Published: Jan 9, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-5311?

How severe is CVE-2016-5311?

CVE-2016-5311 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.71% probability of exploitation in the next 30 days.

How do I fix CVE-2016-5311?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-5311?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST