CVE-2006-3454

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.

Published: Sep 14, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3454
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
symantec / client_security	3.0	3.0.x
symantec / client_security	1.0.1	1.0.1.x
symantec / norton_antivirus	9.0.2	9.0.2.x
symantec / client_security	2.0.4	2.0.4.x
symantec / norton_antivirus	10.0	10.0.x
symantec / client_security	1.1.1	1.1.1.x
symantec / norton_antivirus	9.0.1	9.0.1.x
symantec / client_security	1.1	1.1.x
symantec / client_security	2.0	2.0.x
symantec / client_security	2.0.3	2.0.3.x
symantec / norton_antivirus	8.1	8.1.x
symantec / norton_antivirus	9.0	9.0.x
symantec / client_security	2.0.2	2.0.2.x
symantec / client_security	2.0.1	2.0.1.x
symantec / client_security	1.0	1.0.x

Vulnerability Database

289,697

CVE-2006-3454