Description
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28937
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19986
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21884
Various Sources x_refsource_confirm
http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/446293/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016842
Scores
EPSS
0.0008
EPSS Percentile
24.1%
Details
Status
published
Products (40)
symantec/client_security
1.0
symantec/client_security
1.0.1
symantec/client_security
1.0.1_build_8.01.434 mr3
symantec/client_security
1.0.1_build_8.01.437
symantec/client_security
1.0.1_build_8.01.446 mr4
symantec/client_security
1.0.1_build_8.01.457 mr5
symantec/client_security
1.0.1_build_8.01.460 mr6
symantec/client_security
1.0.1_build_8.01.464 mr7
symantec/client_security
1.0.1_build_8.01.471 mr8
symantec/client_security
1.1
... and 30 more
Published
Sep 14, 2006
Tracked Since
Feb 18, 2026