CVE Vulnerabilities

CVE-2006-3454

Published: Sep 14, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.

Affected Software

Name Vendor Start Version End Version
Client_security Symantec 1.0 (including) 1.0 (including)
Client_security Symantec 1.0.1 (including) 1.0.1 (including)
Client_security Symantec 1.1 (including) 1.1 (including)
Client_security Symantec 1.1.1 (including) 1.1.1 (including)
Client_security Symantec 2.0 (including) 2.0 (including)
Client_security Symantec 2.0.1 (including) 2.0.1 (including)
Client_security Symantec 2.0.2 (including) 2.0.2 (including)
Client_security Symantec 2.0.3 (including) 2.0.3 (including)
Client_security Symantec 2.0.4 (including) 2.0.4 (including)
Client_security Symantec 3.0 (including) 3.0 (including)
Norton_antivirus Symantec 8.1 (including) 8.1 (including)
Norton_antivirus Symantec 9.0 (including) 9.0 (including)
Norton_antivirus Symantec 9.0.1 (including) 9.0.1 (including)
Norton_antivirus Symantec 9.0.2 (including) 9.0.2 (including)
Norton_antivirus Symantec 10.0 (including) 10.0 (including)

References