Local User Vulnerabilities in Symantec Norton Personal Firewall 2006
CVE-2006-4266

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Personal Firewall
Vendor: CVE Published:; 21 August 2006

Summary

Symantec Norton Personal Firewall 2006 and earlier versions contain a vulnerability where the firewall fails to adequately protect its registry keys. This flaw enables local users to exploit the RegSaveKey and RegRestoreKey functions to alter the HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners key, which can allow the injection of Trojan horse libraries into the product. Although typically, exploiting this vulnerability requires administrative privileges, it undermines the intended security functions of the software by allowing potential unauthorized modifications to critical components, thus exposing users to increased risks.

References

http://securityreason.com/securityalert/1428

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/19585

vdb-entryx_refsource_BID

http://www.matousec.com/info/advisories/Norton-DLL-faking...

x_refsource_MISC

Timeline

Vulnerability published
Aug 21, 2006
Vulnerability Reserved
Aug 21, 2006