Vulnerability Name:

CVE-2006-4266 (CCN-28513)

Assigned:2006-08-18
Published:2006-08-18
Updated:2018-10-17
Summary:Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll.
Note: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N)
2.9 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: BugTraq Mailing List, Fri Aug 18 2006 - 11:07:35 CDT
Norton DLL faking via 'SuiteOwners' protection bypass Vulnerability

Source: MITRE
Type: CNA
CVE-2006-4266

Source: SREASON
Type: UNKNOWN
1428

Source: CCN
Type: Matousec Advisory 2006-08-15.01
Norton DLL faking via 'SuiteOwners' protection bypass

Source: MISC
Type: UNKNOWN
http://www.matousec.com/info/advisories/Norton-DLL-faking-via-SuiteOwners-protection-bypass.php

Source: BUGTRAQ
Type: UNKNOWN
20060818 Norton DLL faking via 'SuiteOwners' protection bypass Vulnerability

Source: BID
Type: UNKNOWN
19585

Source: CCN
Type: BID-19585
RETIRED: Symantec Norton Personal Firewall SuiteOwners Registry Key Security Bypass Vulnerability

Source: CCN
Type: Norton Personal Firewall Web site
Norton Personal Firewall: Overview - Symantec Corp.

Source: XF
Type: UNKNOWN
norton-suiteowners-security-bypass(28513)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:norton_personal_firewall:*:*:*:*:*:*:*:* (Version <= 2006_9.1.0.33)

    • Configuration CCN 1:
  • cpe:/a:symantec:norton_personal_firewall:2006_9.1.0.33:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    symantec norton personal firewall *
    symantec norton personal firewall 2006_9.1.0.33