Vulnerability Description
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Client Security | 1.0 |
| Symantec | Norton Antivirus | 8.1 |
References
- http://secunia.com/advisories/21884Vendor Advisory
- http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
- http://securitytracker.com/id?1016842
- http://www.securityfocus.com/archive/1/446293/100/0/threaded
- http://www.securityfocus.com/bid/19986
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28937
- http://secunia.com/advisories/21884Vendor Advisory
- http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
- http://securitytracker.com/id?1016842
- http://www.securityfocus.com/archive/1/446293/100/0/threaded
- http://www.securityfocus.com/bid/19986
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28937
FAQ
What is CVE-2006-4802?
CVE-2006-4802 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code ...
How severe is CVE-2006-4802?
CVE-2006-4802 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4802?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Client Security, Symantec Norton Antivirus.