Vulnerabilities > CVE-2006-4855 - Resource Management Errors vulnerability in Symantec products

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

low complexity

symantec

CWE-399

exploit available

NVD

Published: 2006-09-19

Updated: 2018-10-17

Summary

The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.

Vulnerable Configurations

Part	Description	Count
Application	Symantec Symantec Client Security 1.0 Symantec Client Security 1.0.0_B8.01.9378 Symantec Client Security 1.0.1 Symantec Client Security 1.0.1_Build_8.01.425A Symantec Client Security 1.0.1_Build_8.01.429C Symantec Client Security 1.0.1_Build_8.01.434 Symantec Client Security 1.0.1_Build_8.01.437 Symantec Client Security 1.0.1_Build_8.01.446 Symantec Client Security 1.0.1_Build_8.01.457 Symantec Client Security 1.0.1_Build_8.01.460 Symantec Client Security 1.0.1_Build_8.01.464 Symantec Client Security 1.0.1_Build_8.01.471 Symantec Client Security 1.0.1_Build_8.01.501 Symantec Client Security 1.0_Build_8.01.9374 Symantec Client Security 1.1 Symantec Client Security 1.1.1 Symantec Client Security 1.1.1_Build_393 Symantec Client Security 1.1.1_Mr1_Build_8.1.1.314A Symantec Client Security 1.1.1_Mr2_Build_8.1.1.319 Symantec Client Security 1.1.1_Mr3_Build_8.1.1.323 Symantec Client Security 1.1.1_Mr4_Build_8.1.1.329 Symantec Client Security 1.1.1_Mr5_Build_8.1.1.336 Symantec Client Security 1.1.1_Mr6_B8.1.1.266 Symantec Client Security 1.1_Stm_B8.1.0.825A Symantec Client Security 2.0 Symantec Client Security 2.0.1_Build_9.0.1.1000 Symantec Client Security 2.0.2_Build_9.0.2.1000 Symantec Client Security 2.0.3_Build_9.0.3.1000 Symantec Client Security 2.0.5_Build_1100 Symantec Client Security 2.0_Scf_7.1 Symantec Client Security 2.0_Stm_Build_9.0.0.338 Symantec Client Security 3.0 Symantec Client Security 3.1 Symantec Host IDS * Symantec Norton Antivirus 2.1 Symantec Norton Antivirus 8.0 Symantec Norton Antivirus 8.0.1 Symantec Norton Antivirus 8.0.1.425A Symantec Norton Antivirus 8.0.1.425C Symantec Norton Antivirus 8.0.1.501 Symantec Norton Antivirus 8.0.1.9374 Symantec Norton Antivirus 8.0.1.9378 Symantec Norton Antivirus 8.1 Symantec Norton Antivirus 8.1.0.825A Symantec Norton Antivirus 8.1.1 Symantec Norton Antivirus 8.1.1.319 Symantec Norton Antivirus 8.1.1.323 Symantec Norton Antivirus 8.1.1.329 Symantec Norton Antivirus 8.1.1.366 Symantec Norton Antivirus 8.1.1.377 Symantec Norton Antivirus 8.1.1_Build8.1.1.314A Symantec Norton Antivirus 8.1.1_Build393 Symantec Norton Antivirus 8.01.434 Symantec Norton Antivirus 8.01.437 Symantec Norton Antivirus 8.01.446 Symantec Norton Antivirus 8.01.457 Symantec Norton Antivirus 8.01.460 Symantec Norton Antivirus 8.01.464 Symantec Norton Antivirus 8.01.471 Symantec Norton Antivirus 9.0 Symantec Norton Antivirus 9.0.0.338 Symantec Norton Antivirus 9.0.1.1.1000 Symantec Norton Antivirus 9.0.2.1000 Symantec Norton Antivirus 9.0.3.1000 Symantec Norton Antivirus 9.0.4 Symantec Norton Antivirus 9.0.5 Symantec Norton Antivirus 9.0.5.1100 Symantec Norton Antivirus 10.0 Symantec Norton Antivirus 10.0.2.2000 Symantec Norton Antivirus 10.0.2.2001 Symantec Norton Antivirus 10.0.2.2002 Symantec Norton Antivirus 10.0.2.2010 Symantec Norton Antivirus 10.0.2.2011 Symantec Norton Antivirus 10.0.2.2020 Symantec Norton Antivirus 10.0.2.2021 Symantec Norton Antivirus 10.1 Symantec Norton Antivirus 2003 Symantec Norton Antivirus 2004 Symantec Norton Antivirus 2005 Symantec Norton Antivirus 2006 Symantec Norton Antivirus 2007 Symantec Norton Internet Security 2003 Symantec Norton Internet Security 2004 Symantec Norton Internet Security 2005 Symantec Norton Internet Security 2006 Symantec Norton Internet Security 2007 Symantec Norton Personal Firewall 2003 Symantec Norton Personal Firewall 2004 Symantec Norton Personal Firewall 2005 Symantec Norton Personal Firewall 2006 Symantec Norton System Works 2003_Professional_Edition Symantec Norton System Works 2004 Symantec Norton System Works 2004_Professional_Edition Symantec Norton System Works 2005 Symantec Norton System Works 2005_Premier Symantec Norton System Works 2006 Symantec Pcanywhere 11.5	101

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Exploit-Db

description	Symantec Multiple Products SymEvent Driver Local Denial of Service Vulnerability. CVE-2006-4855. Dos exploit for windows platform
id	EDB-ID:28588
last seen	2016-02-03
modified	2006-09-15
published	2006-09-15
reporter	David Matousek
source	https://www.exploit-db.com/download/28588/
title	Symantec Multiple Products SymEvent Driver Local Denial of Service Vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References