CVE-2006-3454

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.

Affected Software

Name	Vendor	Start Version	End Version
Client_security	Symantec	1.0 (including)	1.0 (including)
Client_security	Symantec	1.0.1 (including)	1.0.1 (including)
Client_security	Symantec	1.1 (including)	1.1 (including)
Client_security	Symantec	1.1.1 (including)	1.1.1 (including)
Client_security	Symantec	2.0 (including)	2.0 (including)
Client_security	Symantec	2.0.1 (including)	2.0.1 (including)
Client_security	Symantec	2.0.2 (including)	2.0.2 (including)
Client_security	Symantec	2.0.3 (including)	2.0.3 (including)
Client_security	Symantec	2.0.4 (including)	2.0.4 (including)
Client_security	Symantec	3.0 (including)	3.0 (including)
Norton_antivirus	Symantec	8.1 (including)	8.1 (including)
Norton_antivirus	Symantec	9.0 (including)	9.0 (including)
Norton_antivirus	Symantec	9.0.1 (including)	9.0.1 (including)
Norton_antivirus	Symantec	9.0.2 (including)	9.0.2 (including)
Norton_antivirus	Symantec	10.0 (including)	10.0 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3454
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References