SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2006-3454

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1016842

BID-19986

http://www.securityfocus.com/archive/1/archive/1/446041/100/0/threaded

http://www.securityfocus.com/archive/1/archive/1/446293/100/0/threaded

SECUNIA-21884

ADV-2006-3599

http://layereddefense.com/SAV13SEPT.html

http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html

symantecantivirus-messages-code-execution(28936)


30480



423868



253562



909



197267



282