CVE-2006-4855

medium

Description

The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security (SCS) 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition (SAVCE) 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28960

http://www.vupen.com/english/advisories/2006/3636

http://www.securityfocus.com/archive/1/446111/100/0/threaded

http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php

http://securitytracker.com/id?1016898

http://securitytracker.com/id?1016897

http://securitytracker.com/id?1016896

http://securitytracker.com/id?1016895

http://securitytracker.com/id?1016894

http://securitytracker.com/id?1016893

http://securitytracker.com/id?1016892

http://securitytracker.com/id?1016889

http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html

http://securityreason.com/securityalert/1591

http://secunia.com/advisories/21938

Details

Source: Mitre, NVD

Published: 2006-09-19

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00252