CVE-2006-4802

Severity

46%

Complexity

39%

Confidentiality

106%

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Symantec

First reported 18 years ago

2006-09-14 22:07:00

Last updated 6 years ago

2018-10-17 21:39:00

Affected Software

Symantec Symantec Client Security 1.0

1.0

Symantec Symantec Client Security 1.0.1

1.0.1

Symantec Symantec Client Security 1.0.1 MR3 build 8.01.434

1.0.1_build_8.01.434

Symantec Symantec Client Security 1.0.1 build 8.01.437

1.0.1_build_8.01.437

Symantec Symantec Client Security 1.0.1 MR4 build 8.01.446

1.0.1_build_8.01.446

Symantec Symantec Client Security 1.0.1 MR5 build 8.01.457

1.0.1_build_8.01.457

Symantec Symantec Client Security 1.0.1 MR6 build 8.01.460

1.0.1_build_8.01.460

Symantec Symantec Client Security 1.0.1 MR7 build 8.01.464

1.0.1_build_8.01.464

Symantec Symantec Client Security 1.0.1 MR8 build 8.01.471

1.0.1_build_8.01.471

Symantec Symantec Client Security 1.1.1

1.1.1

Symantec Client Security 1.1.1 MR1 Build 8.1.1.314a

1.1.1_mr1_build_8.1.1.314a

Symantec Client Security 1.1.1 MR2 Build 8.1.1.319

1.1.1_mr2_build_8.1.1.319

Symantec Client Security 1.1.1 MR3 Build 8.1.1.323

1.1.1_mr3_build_8.1.1.323

Symantec Client Security 1.1.1 MR4 Build 8.1.1.329

1.1.1_mr4_build_8.1.1.329

Symantec Client Security 1.1.1 MR5 Build 8.1.1.336

1.1.1_mr5_build_8.1.1.336

Symantec Client Security 2.0

2.0

Symantec Client Security 2.0.1

2.0.1

Symantec Client Security 2.0.2

2.0.2

Symantec Client Security 2.0.3

2.0.3

Symantec Client Security 2.0.4

2.0.4

Symantec Norton Antivirus 8.1.1.319 Corporate Edition

8.1.1.319

Symantec Norton Antivirus 8.1.1.323 Corporate Edition

8.1.1.323

Symantec Norton Antivirus 8.1.1.329 Corporate Edition

8.1.1.329

Symantec Norton Antivirus 8.1.1 Build8.1.1.314a Corporate Edition

8.1.1_build8.1.1.314a

References

21884

Vendor Advisory

http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html

1016842

20060918 Symantec Security Advisory: Symantec AntiVirus Corporate Edition

19986

symantecantivirus-alert-dos(28937)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.