CVE-2006-3455

The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.

Affected Software

Name	Vendor	Start Version	End Version
Client_security	Symantec	1.1 (including)	1.1 (including)
Client_security	Symantec	1.1.1 (including)	1.1.1 (including)
Client_security	Symantec	1.1.1_build_393 (including)	1.1.1_build_393 (including)
Client_security	Symantec	1.1.1_mr1_build_8.1.1.314a (including)	1.1.1_mr1_build_8.1.1.314a (including)
Client_security	Symantec	1.1.1_mr2_build_8.1.1.319 (including)	1.1.1_mr2_build_8.1.1.319 (including)
Client_security	Symantec	1.1.1_mr3_build_8.1.1.323 (including)	1.1.1_mr3_build_8.1.1.323 (including)
Client_security	Symantec	1.1.1_mr4_build_8.1.1.329 (including)	1.1.1_mr4_build_8.1.1.329 (including)
Client_security	Symantec	1.1.1_mr5_build_8.1.1.336 (including)	1.1.1_mr5_build_8.1.1.336 (including)
Client_security	Symantec	1.1.1_mr6_b8.1.1.266 (including)	1.1.1_mr6_b8.1.1.266 (including)
Client_security	Symantec	1.1_stm_b8.1.0.825a (including)	1.1_stm_b8.1.0.825a (including)
Client_security	Symantec	2.0 (including)	2.0 (including)
Client_security	Symantec	2.0.1 (including)	2.0.1 (including)
Client_security	Symantec	2.0.1_build_9.0.1.1000-mr1 (including)	2.0.1_build_9.0.1.1000-mr1 (including)
Client_security	Symantec	2.0.2 (including)	2.0.2 (including)
Client_security	Symantec	2.0.2_build_9.0.2.1000-mr2 (including)	2.0.2_build_9.0.2.1000-mr2 (including)
Client_security	Symantec	2.0.3 (including)	2.0.3 (including)
Client_security	Symantec	2.0.3_build_9.0.3.1000-mr3 (including)	2.0.3_build_9.0.3.1000-mr3 (including)
Client_security	Symantec	2.0_scf_7.1 (including)	2.0_scf_7.1 (including)
Client_security	Symantec	2.0_stm_build_9.0.0.338 (including)	2.0_stm_build_9.0.0.338 (including)
Norton_antivirus	Symantec	8.1 (including)	8.1 (including)
Norton_antivirus	Symantec	8.1.0.825a (including)	8.1.0.825a (including)
Norton_antivirus	Symantec	8.1.1 (including)	8.1.1 (including)
Norton_antivirus	Symantec	8.1.1.319 (including)	8.1.1.319 (including)
Norton_antivirus	Symantec	8.1.1.323 (including)	8.1.1.323 (including)
Norton_antivirus	Symantec	8.1.1.329 (including)	8.1.1.329 (including)
Norton_antivirus	Symantec	8.1.1.366 (including)	8.1.1.366 (including)
Norton_antivirus	Symantec	8.1.1.377 (including)	8.1.1.377 (including)
Norton_antivirus	Symantec	8.1.1_build8.1.1.314a (including)	8.1.1_build8.1.1.314a (including)
Norton_antivirus	Symantec	8.1.1_build393 (including)	8.1.1_build393 (including)
Norton_antivirus	Symantec	8.01.434 (including)	8.01.434 (including)
Norton_antivirus	Symantec	8.01.437 (including)	8.01.437 (including)
Norton_antivirus	Symantec	8.01.446 (including)	8.01.446 (including)
Norton_antivirus	Symantec	8.01.457 (including)	8.01.457 (including)
Norton_antivirus	Symantec	8.01.460 (including)	8.01.460 (including)
Norton_antivirus	Symantec	8.01.464 (including)	8.01.464 (including)
Norton_antivirus	Symantec	8.01.471 (including)	8.01.471 (including)
Norton_antivirus	Symantec	9.0.1 (including)	9.0.1 (including)
Norton_antivirus	Symantec	9.0.1.1.1000 (including)	9.0.1.1.1000 (including)
Norton_antivirus	Symantec	9.0.1.1000 (including)	9.0.1.1000 (including)
Norton_antivirus	Symantec	9.0.2 (including)	9.0.2 (including)
Norton_antivirus	Symantec	9.0.2.1000 (including)	9.0.2.1000 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3455
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References