Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4855

CWE-3994 documents4 sources

Severity

4.9MEDIUM

EPSS

0.3%

top 48.57%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Client Security Symantec Norton Antivirus Symantec Norton Internet Security +3 more

Timeline

PublishedSep 19

Latest updateMay 1

Description

The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages6 packages

▶NVDsymantec/norton_personal_firewall4 versions+3

▶NVDsymantec/norton_internet_security5 versions+4

▶NVDsymantec/norton_antivirus47 versions+46

▶NVDsymantec/norton_system_works6 versions+5

▶NVDsymantec/client_security33 versions+32

🔴Vulnerability Details

GHSA

GHSA-76wv-4mx9-c373: The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9↗2022-05-01

▶

CVEList

CVE-2006-4855: The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9↗2006-09-19

▶

💥Exploits & PoCs

Exploit-DB

Symantec (Multiple Products) - 'SymEvent' Driver Local Denial of Service↗2006-09-15

▶