CVE-2006-3455 | Date: (C)2006-10-23 (M)2023-12-22 |
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V2 Severity: |
CVSS Score : 4.3 |
Exploit Score: 3.1 |
Impact Score: 6.4 |
|
CVSS V2 Metrics: |
Access Vector: LOCAL |
Access Complexity: LOW |
Authentication: |
Confidentiality: PARTIAL |
Integrity: PARTIAL |
Availability: PARTIAL |
| |