[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-4855Date: (C)2006-09-19   (M)2023-12-22


The DeviceSymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 3.9
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECTRACK-1016889
SECTRACK-1016892
SECTRACK-1016893
SECTRACK-1016894
SECTRACK-1016895
SECTRACK-1016896
SECTRACK-1016897
SECTRACK-1016898
SREASON-1591
BID-20051
http://www.securityfocus.com/archive/1/archive/1/446111/100/0/threaded
SECUNIA-21938
ADV-2006-3636
http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html
http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php
symantec-firewall-symevent-dos(28960)

CPE    20
cpe:/a:symantec:client_security:1.0.1_build_8.01.501:mr9
cpe:/a:symantec:client_security:1.1.1
cpe:/a:symantec:client_security:1.0.1_build_8.01.425a:mr1
cpe:/a:symantec:client_security:1.0.1_build_8.01.457:mr5
...
CWE    1
CWE-399

© SecPod Technologies