CVE-2006-4802

high

Description

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28937

http://www.securityfocus.com/bid/19986

http://www.securityfocus.com/archive/1/446293/100/0/threaded

http://securitytracker.com/id?1016842

http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html

http://secunia.com/advisories/21884

Details

Source: Mitre, NVD

Published: 2006-09-14

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0008