Vulnerabilities > CVE-2006-4802 - Local Format String vulnerability in Symantec Client Security and Norton Antivirus
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.
Vulnerable Configurations
References
- http://secunia.com/advisories/21884
- http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
- http://securitytracker.com/id?1016842
- http://www.securityfocus.com/archive/1/446293/100/0/threaded
- http://www.securityfocus.com/bid/19986
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28937