Format String Vulnerability in Symantec AntiVirus Corporate Edition and Client Security
CVE-2006-3454

Currently unrated

Key Information:

Vendor: Symantec
Status: Client Security; Norton Antivirus
Vendor: CVE Published:; 14 September 2006

Summary

Multiple format string vulnerabilities exist in Symantec AntiVirus Corporate Edition versions 8.1 to 10.0 and Client Security versions 1.x to 3.0. These vulnerabilities allow local users to execute arbitrary code by manipulating format strings in Tamper Protection and Virus Alert Notification messages. An attacker could potentially exploit this vulnerability to gain unauthorized access or control over the affected system.

References

http://securitytracker.com/id?1016842

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/28936

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/446041/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Sep 14, 2006
Vulnerability Reserved
Jul 7, 2006