Vulnerability Description
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Client Security | 1.0 |
| Symantec | Host IDS | All versions |
| Symantec | Norton AntiVirus | 2.1 |
| Symantec | Norton Internet Security | 2003 |
| Symantec | Norton Personal Firewall | 2003 |
| Symantec | Norton SystemWorks | 2003_professional_edition |
| Symantec | pcAnywhere | 11.5 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/21938 (Vendor Advisory)
- http://securityreason.com/securityalert/1591
- http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html
- http://securitytracker.com/id?1016889
- http://securitytracker.com/id?1016892
- http://securitytracker.com/id?1016893
- http://securitytracker.com/id?1016894
- http://securitytracker.com/id?1016895
- http://securitytracker.com/id?1016896
- http://securitytracker.com/id?1016897
- http://securitytracker.com/id?1016898
- http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEve (Vendor Advisory)
- http://www.securityfocus.com/archive/1/446111/100/0/threaded
- http://www.securityfocus.com/bid/20051 (Exploit)
- http://www.vupen.com/english/advisories/2006/3636 (Vendor Advisory)
FAQ
What is CVE-2006-4855?
CVE-2006-4855 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS ...
How severe is CVE-2006-4855?
CVE-2006-4855 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-4855?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Client Security, Symantec Host IDS, Symantec Norton AntiVirus, Symantec Norton Internet Security, Symantec Norton Personal Firewall.