CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
90.1%
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a “second format string vulnerability” as found by the vendor.
Vendor | Product | Version | CPE |
---|---|---|---|
symantec | client_security | 1.0 | cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:* |
symantec | client_security | 1.0.1 | cpe:2.3:a:symantec:client_security:1.0.1:*:*:*:*:*:*:* |
symantec | client_security | 1.0.1_build_8.01.434 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434:mr3:*:*:*:*:*:* |
symantec | client_security | 1.0.1_build_8.01.437 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437:*:*:*:*:*:*:* |
symantec | client_security | 1.0.1_build_8.01.446 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446:mr4:*:*:*:*:*:* |
symantec | client_security | 1.0.1_build_8.01.457 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457:mr5:*:*:*:*:*:* |
symantec | client_security | 1.0.1_build_8.01.460 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460:mr6:*:*:*:*:*:* |
symantec | client_security | 1.0.1_build_8.01.464 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464:mr7:*:*:*:*:*:* |
symantec | client_security | 1.0.1_build_8.01.471 | cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471:mr8:*:*:*:*:*:* |
symantec | client_security | 1.1 | cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:* |