Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2630 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Client Security

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

78.9%

top 0.94%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Client Security Symantec Norton Antivirus

Timeline

PublishedMay 27

Latest updateMay 1

Description

Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDsymantec/client_security6 versions+5

▶NVDsymantec/norton_antivirus6 versions+5

Patches

Patch: secunia.com ↗Patch: securityresponse.symantec.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-33qj-7hm4-jp7v: Stack-based buffer overflow in Symantec Antivirus 10↗2022-05-01

▶

CVEList

CVE-2006-2630: Stack-based buffer overflow in Symantec Antivirus 10↗2006-05-27

▶

💥Exploits & PoCs

Exploit-DB

Symantec Remote Management - Remote Buffer Overflow (Metasploit)↗2010-05-09

▶