[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3455Date: (C)2006-10-23   (M)2023-12-22


The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 3.1
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication:
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017108
SECTRACK-1017109
http://www.securityfocus.com/archive/1/archive/1/449524/100/0/threaded
BID-20684
SECUNIA-22536
ADV-2006-4157
http://www.symantec.com/avcenter/security/Content/2006.10.23.html
symantec-savrt-privilege-escalation(29762)

CPE    7
cpe:/a:symantec:client_security:1.1.1
cpe:/a:symantec:client_security:2.0.1_build_9.0.1.1000:mr1
cpe:/a:symantec:client_security:2.0.3_build_9.0.3.1000:mr3
cpe:/a:symantec:client_security:2.0.1
...

© SecPod Technologies