CVE-2006-4855

Severity

49%

Complexity

39%

Confidentiality

115%

The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.

The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

Symantec

First reported 18 years ago

2006-09-19 18:07:00

Last updated 6 years ago

2018-10-17 21:39:00

Affected Software

Symantec Symantec Client Security 1.0

1.0

Symantec Symantec Client Security 1.0.1

1.0.1

Symantec Symantec Client Security 1.0.1 MR1 b8.01.425a

1.0.1_build_8.01.425a

Symantec Symantec Client Security 1.0.1 MR2 b8.01.429c

1.0.1_build_8.01.429c

Symantec Symantec Client Security 1.0.1 MR3 build 8.01.434

1.0.1_build_8.01.434

Symantec Symantec Client Security 1.0.1 build 8.01.437

1.0.1_build_8.01.437

Symantec Symantec Client Security 1.0.1 MR4 build 8.01.446

1.0.1_build_8.01.446

Symantec Symantec Client Security 1.0.1 MR5 build 8.01.457

1.0.1_build_8.01.457

Symantec Symantec Client Security 1.0.1 MR6 build 8.01.460

1.0.1_build_8.01.460

Symantec Symantec Client Security 1.0.1 MR7 build 8.01.464

1.0.1_build_8.01.464

Symantec Symantec Client Security 1.0.1 MR8 build 8.01.471

1.0.1_build_8.01.471

Symantec Symantec Client Security 1.0.1 MR9 b8.01.501

1.0.1_build_8.01.501

Symantec Symantec Client Security 1.0 b8.01.9374

1.0_build_8.01.9374

Symantec Symantec Client Security 1.1.1

1.1.1

Symantec Client Security 1.1.1 MR1 Build 8.1.1.314a

1.1.1_mr1_build_8.1.1.314a

Symantec Client Security 1.1.1 MR2 Build 8.1.1.319

1.1.1_mr2_build_8.1.1.319

Symantec Client Security 1.1.1 MR3 Build 8.1.1.323

1.1.1_mr3_build_8.1.1.323

Symantec Client Security 1.1.1 MR4 Build 8.1.1.329

1.1.1_mr4_build_8.1.1.329

Symantec Client Security 1.1.1 MR5 Build 8.1.1.336

1.1.1_mr5_build_8.1.1.336

Symantec Client Security 2.0

2.0

Symantec Client Security 2.0.1 MR1_b9.0.1.1000

2.0.1_build_9.0.1.1000

Symantec Client Security 2.0.2 MR2_b9.0.2.1000

2.0.2_build_9.0.2.1000

Symantec Client Security 2.0.3 MR3_b9.0.3.1000

2.0.3_build_9.0.3.1000

Symantec Client Security 3.0

3.0

Symantec Symantec Host IDS

Symantec Norton Antivirus 8.1.1.319 Corporate Edition

8.1.1.319

Symantec Norton Antivirus 8.1.1.323 Corporate Edition

8.1.1.323

Symantec Norton Antivirus 8.1.1.329 Corporate Edition

8.1.1.329

Symantec Norton Antivirus 8.1.1 Build8.1.1.314a Corporate Edition

8.1.1_build8.1.1.314a

Symantec Norton Antivirus 8.01.434 Corporate Edition

8.01.434

Symantec Norton Antivirus 8.01.437 Corporate Edition

8.01.437

Symantec Norton Antivirus 8.01.446 Corporate Edition

8.01.446

Symantec Norton Antivirus 8.01.457 Corporate Edition

8.01.457

Symantec Norton Antivirus 8.01.460 Corporate Edition

8.01.460

Symantec Norton Antivirus 8.01.464 Corporate Edition

8.01.464

Symantec Norton Antivirus 8.01.471 Corporate Edition

8.01.471

Symantec Norton Internet Security 2004 Professional Edition

2004

Symantec PCAnywhere 11.5

11.5

References

21938

Vendor Advisory

1591

http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html

1016889

1016892

1016893

1016894

1016895

1016896

1016897

1016898

http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php

Vendor Advisory

20060915 Symantec Norton Insufficient validation of 'SymEvent' driver input buffer

20051

Exploit

ADV-2006-3636

Vendor Advisory

symantec-firewall-symevent-dos(28960)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.