CVE-2006-3455

3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 77.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Symantec Client SecuritySymantec Norton Antivirus
Timeline
PublishedOct 23
Latest updateMay 1

Description

The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.1 | Impact: 6.4

Affected Packages2 packages

NVDsymantec/client_security19 versions+18
NVDsymantec/norton_antivirus22 versions+21

Patches

Patch: www.symantec.comPatch: www.symantec.com

🔴Vulnerability Details

2
GHSA
GHSA-726x-q3rw-h4cp: The SAVRT2022-05-01
CVEList
CVE-2006-3455: The SAVRT2006-10-23
CVE-2006-3455 (MEDIUM CVSS 4.3) | The SAVRT.SYS device driver | cvebase.io