Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Client_security | Symantec | 1.0 (including) | 1.0 (including) |
| Client_security | Symantec | 1.0.1 (including) | 1.0.1 (including) |
| Client_security | Symantec | 1.1 (including) | 1.1 (including) |
| Client_security | Symantec | 1.1.1 (including) | 1.1.1 (including) |
| Client_security | Symantec | 2.0 (including) | 2.0 (including) |
| Client_security | Symantec | 2.0.1 (including) | 2.0.1 (including) |
| Client_security | Symantec | 2.0.2 (including) | 2.0.2 (including) |
| Client_security | Symantec | 2.0.3 (including) | 2.0.3 (including) |
| Client_security | Symantec | 2.0.4 (including) | 2.0.4 (including) |
| Client_security | Symantec | 3.0 (including) | 3.0 (including) |
| Norton_antivirus | Symantec | 8.1 (including) | 8.1 (including) |
| Norton_antivirus | Symantec | 9.0 (including) | 9.0 (including) |
| Norton_antivirus | Symantec | 9.0.1 (including) | 9.0.1 (including) |
| Norton_antivirus | Symantec | 9.0.2 (including) | 9.0.2 (including) |
| Norton_antivirus | Symantec | 10.0 (including) | 10.0 (including) |