CVE-2006-4802

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

14/09/2006

Last modified:

03/04/2025

Description

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.

Impact

Vector 2.0

AV:L/AC:L/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 4.60 MEDIUM
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV): Local
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

4.60

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:symantec:client_security:1.0:::::::*
cpe:2.3:a:symantec:client_security:1.0.1:::::::*
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434:mr3::::::
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437:::::::*
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446:mr4::::::
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457:mr5::::::
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460:mr6::::::
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464:mr7::::::
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471:mr8::::::
cpe:2.3:a:symantec:client_security:1.1:::::::*
cpe:2.3:a:symantec:client_security:1.1.1:::::::*
cpe:2.3:a:symantec:client_security:1.1.1_mr1_build_8.1.1.314a:::::::*
cpe:2.3:a:symantec:client_security:1.1.1_mr2_build_8.1.1.319:::::::*
cpe:2.3:a:symantec:client_security:1.1.1_mr3_build_8.1.1.323:::::::*
cpe:2.3:a:symantec:client_security:1.1.1_mr4_build_8.1.1.329:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:symantec:client_security:1.0:::::::*
cpe:2.3:a:symantec:client_security:1.0.1:::::::*
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434:mr3::::::
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437:::::::*
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446:mr4::::::
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457:mr5::::::
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460:mr6::::::
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464:mr7::::::
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471:mr8::::::
cpe:2.3:a:symantec:client_security:1.1:::::::*
cpe:2.3:a:symantec:client_security:1.1.1:::::::*
cpe:2.3:a:symantec:client_security:1.1.1_mr1_build_8.1.1.314a:::::::*
cpe:2.3:a:symantec:client_security:1.1.1_mr2_build_8.1.1.319:::::::*
cpe:2.3:a:symantec:client_security:1.1.1_mr3_build_8.1.1.323:::::::*
cpe:2.3:a:symantec:client_security:1.1.1_mr4_build_8.1.1.329:::::::*

CVE-2006-4802

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools