Lucene search

MitreCVE-2006-4802

HistorySep 14, 2006 - 10:07 p.m.

CVE-2006-4802

2006-09-1422:07:00

mitre

web.nvd.nist.gov

cve-2006-4802

symantec

antivirus

format string vulnerability

security advisory

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.025

Percentile

90.1%

JSON

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a “second format string vulnerability” as found by the vendor.

Affected configurations

Nvd

Node

symantecclient_securityMatch1.0

symantecclient_securityMatch1.0.1

symantecclient_securityMatch1.0.1_build_8.01.434mr3

symantecclient_securityMatch1.0.1_build_8.01.437

symantecclient_securityMatch1.0.1_build_8.01.446mr4

symantecclient_securityMatch1.0.1_build_8.01.457mr5

symantecclient_securityMatch1.0.1_build_8.01.460mr6

symantecclient_securityMatch1.0.1_build_8.01.464mr7

symantecclient_securityMatch1.0.1_build_8.01.471mr8

symantecclient_securityMatch1.1

symantecclient_securityMatch1.1.1

symantecclient_securityMatch1.1.1_mr1_build_8.1.1.314a

symantecclient_securityMatch1.1.1_mr2_build_8.1.1.319

symantecclient_securityMatch1.1.1_mr3_build_8.1.1.323

symantecclient_securityMatch1.1.1_mr4_build_8.1.1.329

symantecclient_securityMatch1.1.1_mr5_build_8.1.1.336

symantecclient_securityMatch1.2

symantecclient_securityMatch1.3

symantecclient_securityMatch1.4

symantecclient_securityMatch1.5

symantecclient_securityMatch1.6

symantecclient_securityMatch1.7

symantecclient_securityMatch1.8

symantecclient_securityMatch1.9

symantecclient_securityMatch2.0

symantecclient_securityMatch2.0.1

symantecclient_securityMatch2.0.2

symantecclient_securityMatch2.0.3

symantecclient_securityMatch2.0.4

symantecnorton_antivirusMatch8.1corporate

symantecnorton_antivirusMatch8.1.1.319corporate

symantecnorton_antivirusMatch8.1.1.323corporate

symantecnorton_antivirusMatch8.1.1.329corporate

symantecnorton_antivirusMatch8.1.1_build8.1.1.314acorporate

symantecnorton_antivirusMatch9.0corporate

symantecnorton_antivirusMatch9.0.1corporate

symantecnorton_antivirusMatch9.0.1.1.1000corporate

symantecnorton_antivirusMatch9.0.1.1000corporate

symantecnorton_antivirusMatch9.0.2corporate

symantecnorton_antivirusMatch9.0.4corporate

VendorProductVersionCPE
symantecclient_security1.0cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*
symantecclient_security1.0.1cpe:2.3:a:symantec:client_security:1.0.1:*:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.434cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434:mr3:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.437cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437:*:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.446cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446:mr4:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.457cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457:mr5:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.460cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460:mr6:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.464cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464:mr7:*:*:*:*:*:*
symantecclient_security1.0.1_build_8.01.471cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471:mr8:*:*:*:*:*:*
symantecclient_security1.1cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	client_security	1.0	cpe:2.3:a:symantec:client_security:1.0:::::::*
symantec	client_security	1.0.1	cpe:2.3:a:symantec:client_security:1.0.1:::::::*
symantec	client_security	1.0.1_build_8.01.434	cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434:mr3::::::
symantec	client_security	1.0.1_build_8.01.437	cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437:::::::*
symantec	client_security	1.0.1_build_8.01.446	cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446:mr4::::::
symantec	client_security	1.0.1_build_8.01.457	cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457:mr5::::::
symantec	client_security	1.0.1_build_8.01.460	cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460:mr6::::::
symantec	client_security	1.0.1_build_8.01.464	cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464:mr7::::::
symantec	client_security	1.0.1_build_8.01.471	cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471:mr8::::::
symantec	client_security	1.1	cpe:2.3:a:symantec:client_security:1.1:::::::*

Rows per page:

1-10 of 401

References

secunia.com/advisories/21884

securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html

securitytracker.com/id?1016842

www.securityfocus.com/archive/1/446293/100/0/threaded

www.securityfocus.com/bid/19986

exchange.xforce.ibmcloud.com/vulnerabilities/28937

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.025

Percentile

90.1%

JSON

Related for CVE-2006-4802