SAINT CorporationSAINT:CB1923105A44CBF09A8DDAAFEB7CD380Symantec real-time scan service buffer overflow
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%
Added: 06/13/2006
CVE: CVE-2006-2630
BID: 18107
OSVDB: 25846
Background
Various Symantec products include a real-time virus scan service.
Problem
A buffer overflow in the real-time virus scan service allows remote attackers to execute arbitrary commands.
Resolution
Apply patch SYM06-010.
References
<http://www.kb.cert.org/vuls/id/404910>
Limitations
Exploit works on Symantec Client Security 3.0 with **rtvscan.exe** version 10.0.0.359. In order for the exploit to succeed, the Auto-Detect option and the Client Scan Log Forwarding option must be enabled. The Client Scan Log Forwarding option is enabled if the following registry value is 1:
Key: HKEY_LOCAL_MACHINE\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\ForwardScan
Value: NTCommonConfiguration = 1
Platforms
Windows
Windows Server 2003
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%