FKIE_CVE-2006-4802

Vulnerability from fkie_nvd - Published: 2006-09-14 22:07 - Updated: 2025-04-03 01:03
Severity ?
Summary
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.
References
cve@mitre.orghttp://secunia.com/advisories/21884Vendor Advisory
cve@mitre.orghttp://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
cve@mitre.orghttp://securitytracker.com/id?1016842
cve@mitre.orghttp://www.securityfocus.com/archive/1/446293/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19986
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28937
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21884Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016842
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/446293/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19986
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28937
Impacted products
Vendor Product Version
symantec client_security 1.0
symantec client_security 1.0.1
symantec client_security 1.0.1_build_8.01.434
symantec client_security 1.0.1_build_8.01.437
symantec client_security 1.0.1_build_8.01.446
symantec client_security 1.0.1_build_8.01.457
symantec client_security 1.0.1_build_8.01.460
symantec client_security 1.0.1_build_8.01.464
symantec client_security 1.0.1_build_8.01.471
symantec client_security 1.1
symantec client_security 1.1.1
symantec client_security 1.1.1_mr1_build_8.1.1.314a
symantec client_security 1.1.1_mr2_build_8.1.1.319
symantec client_security 1.1.1_mr3_build_8.1.1.323
symantec client_security 1.1.1_mr4_build_8.1.1.329
symantec client_security 1.1.1_mr5_build_8.1.1.336
symantec client_security 1.2
symantec client_security 1.3
symantec client_security 1.4
symantec client_security 1.5
symantec client_security 1.6
symantec client_security 1.7
symantec client_security 1.8
symantec client_security 1.9
symantec client_security 2.0
symantec client_security 2.0.1
symantec client_security 2.0.2
symantec client_security 2.0.3
symantec client_security 2.0.4
symantec norton_antivirus 8.1
symantec norton_antivirus 8.1.1.319
symantec norton_antivirus 8.1.1.323
symantec norton_antivirus 8.1.1.329
symantec norton_antivirus 8.1.1_build8.1.1.314a
symantec norton_antivirus 9.0
symantec norton_antivirus 9.0.1
symantec norton_antivirus 9.0.1.1.1000
symantec norton_antivirus 9.0.1.1000
symantec norton_antivirus 9.0.2
symantec norton_antivirus 9.0.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DFD4CB-40A1-4D70-97AC-0941826F28CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C856CC4-0AAE-4539-A57B-0160AA5751F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434:mr3:*:*:*:*:*:*",
              "matchCriteriaId": "BE15AE1D-8647-444F-90F0-FC658A3AC344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C03FA86-F2E6-4E41-8368-E917C91D7837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446:mr4:*:*:*:*:*:*",
              "matchCriteriaId": "95BF74F0-40F1-4395-AC85-E6B566950C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457:mr5:*:*:*:*:*:*",
              "matchCriteriaId": "994CB184-AFE8-4673-ACE8-085813F1E71F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460:mr6:*:*:*:*:*:*",
              "matchCriteriaId": "85CF6FFB-4189-4558-A70D-DE6D4C0C1F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464:mr7:*:*:*:*:*:*",
              "matchCriteriaId": "31D6A148-A92C-4FCA-8762-16764D62C363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471:mr8:*:*:*:*:*:*",
              "matchCriteriaId": "3E6E2EA2-88DA-4DF0-9AA3-3E3D2C80C04E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7483F6DD-EDC0-497E-A5A9-B186E02CCCEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA2590E-DFB0-4B72-99BC-B49AD97A4969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr1_build_8.1.1.314a:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB47C16B-5221-4D64-BDB2-65D072A66C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr2_build_8.1.1.319:*:*:*:*:*:*:*",
              "matchCriteriaId": "204F2046-F116-45D7-9256-179A3B59886A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr3_build_8.1.1.323:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0C67C0-3CF1-4BAD-A673-9B783E1D0724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr4_build_8.1.1.329:*:*:*:*:*:*:*",
              "matchCriteriaId": "274EA5DA-9519-46DE-B11E-87BDF1978E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr5_build_8.1.1.336:*:*:*:*:*:*:*",
              "matchCriteriaId": "044C020A-0BCC-4037-BC32-73385A0BE019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "102D0C6A-31B8-4275-A805-4CA446D1C77F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA18147D-E618-4902-8837-5824240DD50E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D357CC-EAD0-42E3-B38C-BE2DC44D154E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "201403B4-3B5C-4F77-ADAE-7A553D4D58F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8D19926-AB65-4C06-8C44-7EA9B070FD1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F27E94F-F6D6-4C40-878F-BF952658A909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA71038-2D4E-4366-A3D1-AD85251B3E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC689F12-84C6-4B52-970F-DAF6B00B4A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DDD0E02-306D-4675-B73A-2C2F619CDDCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "251E7DE8-4485-438E-B62D-1BF508ECCCF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "742DB20E-AB26-4CF4-A383-BDCF3FBA448F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E4BCD7-E441-417A-8C52-E1DE80AD67CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D86F7A-F2C0-471C-8EA8-E1C7230F25AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "3AA02AEB-362B-4A09-92E3-D6D8BB4B6CB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1.319:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "E626F14C-FDE9-4C6A-8CE7-B99CD4FEE485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1.323:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "EC4CFE5A-4D51-405D-B92E-37DE4E617ABE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1.329:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "727A116A-D18C-4F3F-A6A8-2C6107FFB8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1_build8.1.1.314a:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "4A6612F1-4CA8-427A-AED4-854F943BA3D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "D9E85FD6-9E89-4497-854C-60A20639CE52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "2860637E-6FA5-445A-86B5-E9F2D2D7DD37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1.1.1000:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "EDF0DA40-1AC4-4610-AEAC-F431E23BAEAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1.1000:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "018D1F3B-BAFC-461E-B833-9E0F98A6533D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "4B9AED5E-2D66-4EB2-95CC-158D909AAE6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.4:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "56D54011-9B09-4C63-8301-609C03E51099",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a \"second format string vulnerability\" as found by the vendor."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de formato de cadena en el servicio Real Time Virus Scan de Symantec AntiVirus Corporate Edition 8.1 a la 10.0, y Client Security 1.x a la 3.0, permite a un usuario local ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un vector no espeficicado relacionado con los mensajes de notificaci\u00f3n de alertas, un vector diferente a CVE-2006-3454, una \"segunda vulnerabilidad de formato de cadena\" seg\u00fan lo encontrado por el vendedor."
    }
  ],
  "id": "CVE-2006-4802",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-14T22:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21884"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016842"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446293/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19986"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016842"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446293/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28937"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.