CVE-2006-3454

Description

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28936

http://www.vupen.com/english/advisories/2006/3599

http://www.securityfocus.com/bid/19986

http://www.securityfocus.com/archive/1/446293/100/0/threaded

http://www.securityfocus.com/archive/1/446041/100/0/threaded

http://securitytracker.com/id?1016842

http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html

http://secunia.com/advisories/21884

http://layereddefense.com/SAV13SEPT.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS