Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2006-3072
Last Modified 07 Mar 2011 09:37:46
Published 19 Jun 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-3072

Summary

M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produce dangerous Java code during M4 transformation.

Vulnerable Systems

Application

  • Symantec Security Information Manager 4.0.2

  • Symantec Security Information Manager 4.0.2.1

  • Symantec Security Information Manager 4.0.2.10

  • Symantec Security Information Manager 4.0.2.11

  • Symantec Security Information Manager 4.0.2.12

  • Symantec Security Information Manager 4.0.2.13

  • Symantec Security Information Manager 4.0.2.14

  • Symantec Security Information Manager 4.0.2.15

  • Symantec Security Information Manager 4.0.2.16

  • Symantec Security Information Manager 4.0.2.17

  • Symantec Security Information Manager 4.0.2.18

  • Symantec Security Information Manager 4.0.2.19

  • Symantec Security Information Manager 4.0.2.2

  • Symantec Security Information Manager 4.0.2.20

  • Symantec Security Information Manager 4.0.2.21

  • Symantec Security Information Manager 4.0.2.22

  • Symantec Security Information Manager 4.0.2.23

  • Symantec Security Information Manager 4.0.2.24

  • Symantec Security Information Manager 4.0.2.25

  • Symantec Security Information Manager 4.0.2.26

  • Symantec Security Information Manager 4.0.2.27

  • Symantec Security Information Manager 4.0.2.28

  • Symantec Security Information Manager 4.0.2.29

  • Symantec Security Information Manager 4.0.2.3

  • Symantec Security Information Manager 4.0.2.4

  • Symantec Security Information Manager 4.0.2.5

  • Symantec Security Information Manager 4.0.2.6

  • Symantec Security Information Manager 4.0.2.7

  • Symantec Security Information Manager 4.0.2.8

  • Symantec Security Information Manager 4.0.2.9


References

SECTRACK - 1016296

SECUNIA - 20647

VUPEN - ADV-2006-2334

CONFIRM - http://securityresponse.symantec.com/avcenter/security/Content/2006.06.13b.html

XF - symantec-sim-auth-bypass(27105)

BID - 18420


Last Updated: 27 May 2016 10:42:52