Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
Exploitability
AV:NAC:LAu:NImpact
C:CI:CA:C10/AV:N/AC:L/Au:N/C:C/I:C/A:C