CVE-2006-3454: Use of Externally-Controlled Format String in Client Security

3 documents, 3 sources
Severity: 7.2 HIGH (NVD)
EPSS: 0.1% (top 75.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 14; Latest update May 1

Description

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages (2 packages)

NVD: symantec/client_security (10 versions)
NVD: symantec/norton_antivirus (5 versions)

Patches

Vulnerability Details (2)

GHSA: GHSA-7w82-pwgm-97m7: Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8 (2022-05-01)
CVEList: CVE-2006-3454: Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8 (2006-09-14)