CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
44.3%
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.
Vendor | Product | Version | CPE |
---|---|---|---|
symantec | client_security | 1.0 | cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:* |
symantec | client_security | 1.0.1 | cpe:2.3:a:symantec:client_security:1.0.1:*:*:*:*:*:*:* |
symantec | client_security | 1.1 | cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:* |
symantec | client_security | 1.1.1 | cpe:2.3:a:symantec:client_security:1.1.1:*:*:*:*:*:*:* |
symantec | client_security | 2.0 | cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:* |
symantec | client_security | 2.0.1 | cpe:2.3:a:symantec:client_security:2.0.1:*:*:*:*:*:*:* |
symantec | client_security | 2.0.2 | cpe:2.3:a:symantec:client_security:2.0.2:*:*:*:*:*:*:* |
symantec | client_security | 2.0.3 | cpe:2.3:a:symantec:client_security:2.0.3:*:*:*:*:*:*:* |
symantec | client_security | 2.0.4 | cpe:2.3:a:symantec:client_security:2.0.4:*:*:*:*:*:*:* |
symantec | client_security | 3.0 | cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:* |
layereddefense.com/SAV13SEPT.html
secunia.com/advisories/21884
securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
securitytracker.com/id?1016842
www.securityfocus.com/archive/1/446041/100/0/threaded
www.securityfocus.com/archive/1/446293/100/0/threaded
www.securityfocus.com/bid/19986
www.vupen.com/english/advisories/2006/3599
exchange.xforce.ibmcloud.com/vulnerabilities/28936