7.2

CVE-2006-3454

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SymantecClient Security Version1.0
SymantecClient Security Version1.0.1
SymantecClient Security Version1.1
SymantecClient Security Version1.1.1
SymantecClient Security Version2.0
SymantecClient Security Version2.0.1
SymantecClient Security Version2.0.2
SymantecClient Security Version2.0.3
SymantecClient Security Version2.0.4
SymantecClient Security Version3.0
SymantecNorton Antivirus Version8.1 Editioncorporate
SymantecNorton Antivirus Version9.0 Editioncorporate
SymantecNorton Antivirus Version9.0.1 Editioncorporate
SymantecNorton Antivirus Version9.0.2 Editioncorporate
SymantecNorton Antivirus Version10.0 Editioncorporate
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.46% 0.363
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://layereddefense.com/SAV13SEPT.html
http://secunia.com/advisories/21884
http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
Patch
Vendor Advisory
http://securitytracker.com/id?1016842
http://www.securityfocus.com/archive/1/446041/100/0/threaded
http://www.securityfocus.com/archive/1/446293/100/0/threaded
http://www.securityfocus.com/bid/19986
http://www.vupen.com/english/advisories/2006/3599
https://exchange.xforce.ibmcloud.com/vulnerabilities/28936