Vulnerability Description
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Client Security | 1.1 |
| Symantec | Norton Antivirus | 8.1 |
References
- http://secunia.com/advisories/22536
- http://securitytracker.com/id?1017108
- http://securitytracker.com/id?1017109
- http://www.securityfocus.com/archive/1/449524/100/0/threaded
- http://www.securityfocus.com/bid/20684
- http://www.symantec.com/avcenter/security/Content/2006.10.23.htmlPatch
- http://www.vupen.com/english/advisories/2006/4157
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29762
- http://secunia.com/advisories/22536
- http://securitytracker.com/id?1017108
- http://securitytracker.com/id?1017109
- http://www.securityfocus.com/archive/1/449524/100/0/threaded
- http://www.securityfocus.com/bid/20684
- http://www.symantec.com/avcenter/security/Content/2006.10.23.htmlPatch
- http://www.vupen.com/english/advisories/2006/4157
FAQ
What is CVE-2006-3455?
CVE-2006-3455 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary ...
How severe is CVE-2006-3455?
CVE-2006-3455 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3455?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Client Security, Symantec Norton Antivirus.