Added: 06/13/2006
CVE: CVE-2006-2630
BID: 18107
OSVDB: 25846
Various Symantec products include a real-time virus scan service.
A buffer overflow in the real-time virus scan service allows remote attackers to execute arbitrary commands.
Apply patch SYM06-010.
<http://www.kb.cert.org/vuls/id/404910>
Exploit works on Symantec Client Security 3.0 with **rtvscan.exe**
version 10.0.0.359. In order for the exploit to succeed, the Auto-Detect option and the Client Scan Log Forwarding option must be enabled. The Client Scan Log Forwarding option is enabled if the following registry value is 1:
Key: HKEY_LOCAL_MACHINE\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\ForwardScan
Value: NTCommonConfiguration
= 1
Windows
Windows Server 2003