Vulnerability Name:

CVE-2006-3454 (CCN-28936)

Assigned:2006-09-13
Published:2006-09-13
Updated:2018-10-18
Summary:Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-3454

Source: MISC
Type: UNKNOWN
http://layereddefense.com/SAV13SEPT.html

Source: CCN
Type: SA21884
Symantec Products Alert Notification Two Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
21884

Source: CCN
Type: SYM06-017
Symantec AntiVirus Corporate Edition Elevation of Privilege

Source: CONFIRM
Type: Patch, Vendor Advisory
http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html

Source: CCN
Type: SECTRACK ID: 1016842
Symantec Anti Virus Corporate Edition Custom Notification Format String Bug Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1016842

Source: CCN
Type: OSVDB ID: 28825
Symantec Multiple Products Tamper Protection Format String

Source: CCN
Type: OSVDB ID: 28826
Symantec Multiple Products Virus Alert Notification Message Format String

Source: BUGTRAQ
Type: UNKNOWN
20060914 Layered Defense Advisory :Symantec AntiVirus Corporate Edition Format String Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20060918 Symantec Security Advisory: Symantec AntiVirus Corporate Edition

Source: BID
Type: UNKNOWN
19986

Source: CCN
Type: BID-19986
Symantec AntiVirus Corporate Edition Multiple Local Format String Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-3599

Source: XF
Type: UNKNOWN
symantecantivirus-messages-code-execution(28936)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:client_security:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:8.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.2:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.0:*:corporate:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:symantec:client_security:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:9.0:-:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    symantec client security 1.0
    symantec client security 1.0.1
    symantec client security 1.1
    symantec client security 1.1.1
    symantec client security 2.0
    symantec client security 2.0.1
    symantec client security 2.0.2
    symantec client security 2.0.3
    symantec client security 2.0.4
    symantec client security 3.0
    symantec norton antivirus 8.1
    symantec norton antivirus 9.0
    symantec norton antivirus 9.0.1
    symantec norton antivirus 9.0.2
    symantec norton antivirus 10.0
    symantec client security 1.0
    symantec client security 2.0.1
    symantec client security 2.0.2
    symantec client security 3.0
    symantec client security 1.1
    symantec client security 1.0.1
    symantec client security 1.1.1
    symantec client security 2.0.3
    symantec client security 2.0.4
    symantec antivirus 10.0
    symantec antivirus 9.0 -
    symantec client security 2.0