Privilege Escalation Vulnerability in Symantec AntiVirus and Client Security
CVE-2006-3455

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Antivirus; Client Security
Vendor: CVE Published:; 23 October 2006

Summary

The SAVRT.SYS device driver, utilized in various versions of Symantec AntiVirus Corporate Edition and Symantec Client Security, is susceptible to manipulation by local users. By providing a modified address for the output buffer argument to the DeviceIOControl function, an attacker could execute arbitrary code. This flaw poses significant security risks, allowing unauthorized users to gain elevated privileges within the system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29762

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/20684

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2006/4157

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Oct 23, 2006
Vulnerability Reserved
Jul 7, 2006