CVE-2006-4802

3 documents, 3 sources

Severity: 4.6 MEDIUM
EPSS: 0.1% (top 75.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 14, latest update May 1

Description

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.

CVSS vector

AV:L/AC:L/C:P/I:P/A:P
Exploitability: 3.9 | Impact: 6.4

Affected Packages (2 packages)

NVD: symantec/client_security (29 versions)
NVD: symantec/norton_antivirus (11 versions)

Vulnerability Details (2)

GHSA: GHSA-g9vf-rjj3-hjhg: Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8 (2022-05-01)
CVEList: CVE-2006-4802: Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8 (2006-09-14)