Vulnerability Description
Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Norton Personal Firewall | <= 2006_9.1.0.33 |
References
- http://securityreason.com/securityalert/1428
- http://www.matousec.com/info/advisories/Norton-DLL-faking-via-SuiteOwners-protec
- http://www.securityfocus.com/archive/1/443632/100/0/threaded
- http://www.securityfocus.com/bid/19585
- http://securityreason.com/securityalert/1428
- http://www.matousec.com/info/advisories/Norton-DLL-faking-via-SuiteOwners-protec
- http://www.securityfocus.com/archive/1/443632/100/0/threaded
- http://www.securityfocus.com/bid/19585
FAQ
What is CVE-2006-4266?
CVE-2006-4266 is a vulnerability with a CVSS score of 3.6 (LOW). Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using Reg...
How severe is CVE-2006-4266?
CVE-2006-4266 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4266?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Norton Personal Firewall.