Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-4802

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.

Published

2006-09-14T22:07:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application symantec client_security 1.0 Yes
Application symantec client_security 1.0.1 Yes
Application symantec client_security 1.0.1_build_8.01.434 Yes
Application symantec client_security 1.0.1_build_8.01.437 Yes
Application symantec client_security 1.0.1_build_8.01.446 Yes
Application symantec client_security 1.0.1_build_8.01.457 Yes
Application symantec client_security 1.0.1_build_8.01.460 Yes
Application symantec client_security 1.0.1_build_8.01.464 Yes
Application symantec client_security 1.0.1_build_8.01.471 Yes
Application symantec client_security 1.1 Yes
Application symantec client_security 1.1.1 Yes
Application symantec client_security 1.1.1_mr1_build_8.1.1.314a Yes
Application symantec client_security 1.1.1_mr2_build_8.1.1.319 Yes
Application symantec client_security 1.1.1_mr3_build_8.1.1.323 Yes
Application symantec client_security 1.1.1_mr4_build_8.1.1.329 Yes
Application symantec client_security 1.1.1_mr5_build_8.1.1.336 Yes
Application symantec client_security 1.2 Yes
Application symantec client_security 1.3 Yes
Application symantec client_security 1.4 Yes
Application symantec client_security 1.5 Yes
Application symantec client_security 1.6 Yes
Application symantec client_security 1.7 Yes
Application symantec client_security 1.8 Yes
Application symantec client_security 1.9 Yes
Application symantec client_security 2.0 Yes
Application symantec client_security 2.0.1 Yes
Application symantec client_security 2.0.2 Yes
Application symantec client_security 2.0.3 Yes
Application symantec client_security 2.0.4 Yes
Application symantec norton_antivirus 8.1 Yes
Application symantec norton_antivirus 8.1.1.319 Yes
Application symantec norton_antivirus 8.1.1.323 Yes
Application symantec norton_antivirus 8.1.1.329 Yes
Application symantec norton_antivirus 8.1.1_build8.1.1.314a Yes
Application symantec norton_antivirus 9.0 Yes
Application symantec norton_antivirus 9.0.1 Yes
Application symantec norton_antivirus 9.0.1.1.1000 Yes
Application symantec norton_antivirus 9.0.1.1000 Yes
Application symantec norton_antivirus 9.0.2 Yes
Application symantec norton_antivirus 9.0.4 Yes
References