Lucene search

[email protected]CVE-2006-4855

HistorySep 19, 2006 - 6:07 p.m.

CVE-2006-4855

2006-09-1918:07:00

CWE-399

[email protected]

web.nvd.nist.gov

symantec

norton personal firewall

denial of service

cve-2006-4855

nvd

6.3 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.

CPENameOperatorVersion
symantec:norton_antivirussymantec norton antiviruseq10.1
symantec:client_securitysymantec client securityeq3.0
symantec:norton_antivirussymantec norton antiviruseq2004
symantec:norton_internet_securitysymantec norton internet securityeq2006
symantec:norton_internet_securitysymantec norton internet securityeq2004
symantec:client_securitysymantec client securityeq1.0.1
symantec:client_securitysymantec client securityeq1.0.0_b8.01.9378
symantec:norton_antivirussymantec norton antiviruseq9.0.2.1000
symantec:client_securitysymantec client securityeq1.0.1_build_8.01.460
symantec:norton_antivirussymantec norton antiviruseq9.0.3.1000

CPE	Name	Operator	Version
symantec:norton_antivirus	symantec norton antivirus	eq	10.1
symantec:client_security	symantec client security	eq	3.0
symantec:norton_antivirus	symantec norton antivirus	eq	2004
symantec:norton_internet_security	symantec norton internet security	eq	2006
symantec:norton_internet_security	symantec norton internet security	eq	2004
symantec:client_security	symantec client security	eq	1.0.1
symantec:client_security	symantec client security	eq	1.0.0_b8.01.9378
symantec:norton_antivirus	symantec norton antivirus	eq	9.0.2.1000
symantec:client_security	symantec client security	eq	1.0.1_build_8.01.460
symantec:norton_antivirus	symantec norton antivirus	eq	9.0.3.1000

Rows per page:

1-10 of 971

References

secunia.com/advisories/21938

securityreason.com/securityalert/1591

securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html

securitytracker.com/id?1016889

securitytracker.com/id?1016892

securitytracker.com/id?1016893

securitytracker.com/id?1016894

securitytracker.com/id?1016895

securitytracker.com/id?1016896

securitytracker.com/id?1016897

securitytracker.com/id?1016898

www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php

www.securityfocus.com/archive/1/446111/100/0/threaded

www.securityfocus.com/bid/20051

www.vupen.com/english/advisories/2006/3636

exchange.xforce.ibmcloud.com/vulnerabilities/28960

6.3 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2006-4855

securityvulns2 prion2 cve2