Vulnerabilities > CVE-2006-3455 - Unspecified vulnerability in Symantec Client Security and Norton Antivirus
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.
Vulnerable Configurations
References
- http://secunia.com/advisories/22536
- http://secunia.com/advisories/22536
- http://securitytracker.com/id?1017108
- http://securitytracker.com/id?1017108
- http://securitytracker.com/id?1017109
- http://securitytracker.com/id?1017109
- http://www.securityfocus.com/archive/1/449524/100/0/threaded
- http://www.securityfocus.com/archive/1/449524/100/0/threaded
- http://www.securityfocus.com/bid/20684
- http://www.securityfocus.com/bid/20684
- http://www.symantec.com/avcenter/security/Content/2006.10.23.html
- http://www.symantec.com/avcenter/security/Content/2006.10.23.html
- http://www.vupen.com/english/advisories/2006/4157
- http://www.vupen.com/english/advisories/2006/4157
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29762
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29762