Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2006-3454
Last Modified 07 Mar 2011 09:38:40
Published 13 Sep 2006 08:07:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-3454

Summary

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.

Vulnerable Systems

Application

  • Symantec Client Security 1.0

  • Symantec Client Security 1.0.1

  • Symantec Client Security 1.1

  • Symantec Client Security 1.1.1

  • Symantec Client Security 2.0

  • Symantec Client Security 2.0.1

  • Symantec Client Security 2.0.2

  • Symantec Client Security 2.0.3

  • Symantec Client Security 2.0.4

  • Symantec Client Security 3.0

  • Symantec Norton Antivirus 10.0

  • Symantec Norton Antivirus 8.1

  • Symantec Norton Antivirus 9.0

  • Symantec Norton Antivirus 9.0.1

  • Symantec Norton Antivirus 9.0.2


References

CONFIRM - http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html

VUPEN - ADV-2006-3599

XF - symantecantivirus-messages-code-execution(28936)

BID - 19986

BUGTRAQ - 20060918 Symantec Security Advisory: Symantec AntiVirus Corporate Edition

BUGTRAQ - 20060914 Layered Defense Advisory: Symantec AntiVirus Corporate Edition Format String Vulnerability

SECTRACK - 1016842

SECUNIA - 21884

MISC - http://layereddefense.com/SAV13SEPT.html


Last Updated: 27 May 2016 10:43:01