Lucene search

[email protected]CVE-2006-3455

HistoryOct 23, 2006 - 8:07 p.m.

CVE-2006-3455

2006-10-2320:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

symantec

antivirus

savrt.sys

arbitrary code execution

vulnerability

cve-2006-3455

nvd

7.5 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

25.3%

JSON

The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.

CPENameOperatorVersion
symantec:norton_antivirussymantec norton antiviruseq9.0.2.1000
symantec:norton_antivirussymantec norton antiviruseq8.01.460
symantec:client_securitysymantec client securityeq2.0.1_build_9.0.1.1000
symantec:client_securitysymantec client securityeq2.0.3_build_9.0.3.1000
symantec:norton_antivirussymantec norton antiviruseq9.0.2
symantec:client_securitysymantec client securityeq1.1.1_build_393
symantec:norton_antivirussymantec norton antiviruseq8.01.437
symantec:client_securitysymantec client securityeq1.1.1_mr1_build_8.1.1.314a
symantec:norton_antivirussymantec norton antiviruseq8.1.1_build393
symantec:norton_antivirussymantec norton antiviruseq8.1.1.323

CPE	Name	Operator	Version
symantec:norton_antivirus	symantec norton antivirus	eq	9.0.2.1000
symantec:norton_antivirus	symantec norton antivirus	eq	8.01.460
symantec:client_security	symantec client security	eq	2.0.1_build_9.0.1.1000
symantec:client_security	symantec client security	eq	2.0.3_build_9.0.3.1000
symantec:norton_antivirus	symantec norton antivirus	eq	9.0.2
symantec:client_security	symantec client security	eq	1.1.1_build_393
symantec:norton_antivirus	symantec norton antivirus	eq	8.01.437
symantec:client_security	symantec client security	eq	1.1.1_mr1_build_8.1.1.314a
symantec:norton_antivirus	symantec norton antivirus	eq	8.1.1_build393
symantec:norton_antivirus	symantec norton antivirus	eq	8.1.1.323

Rows per page:

1-10 of 411

References

secunia.com/advisories/22536

securitytracker.com/id?1017108

securitytracker.com/id?1017109

www.securityfocus.com/archive/1/449524/100/0/threaded

www.securityfocus.com/bid/20684

www.symantec.com/avcenter/security/Content/2006.10.23.html

www.vupen.com/english/advisories/2006/4157

exchange.xforce.ibmcloud.com/vulnerabilities/29762

7.5 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

25.3%

JSON

Related for CVE-2006-3455

securityvulns1 cvelist1 symantec1