Vulnerability Description
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Client Security | 1.0 |
| Symantec | Norton Antivirus | 8.1 |
References
- http://layereddefense.com/SAV13SEPT.html
- http://secunia.com/advisories/21884
- http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.htmlPatchVendor Advisory
- http://securitytracker.com/id?1016842
- http://www.securityfocus.com/archive/1/446041/100/0/threaded
- http://www.securityfocus.com/archive/1/446293/100/0/threaded
- http://www.securityfocus.com/bid/19986
- http://www.vupen.com/english/advisories/2006/3599
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28936
- http://layereddefense.com/SAV13SEPT.html
- http://secunia.com/advisories/21884
- http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.htmlPatchVendor Advisory
- http://securitytracker.com/id?1016842
- http://www.securityfocus.com/archive/1/446041/100/0/threaded
- http://www.securityfocus.com/archive/1/446293/100/0/threaded
FAQ
What is CVE-2006-3454?
CVE-2006-3454 is a vulnerability with a CVSS score of 7.2 (HIGH). Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) ...
How severe is CVE-2006-3454?
CVE-2006-3454 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3454?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Client Security, Symantec Norton Antivirus.