CVE-2006-3455
https://notcve.org/view.php?id=CVE-2006-3455
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function. El controlador de dispositivo SAVRT.SYS, utilizado en Symantec AntiVirus Corporate Edition 8.1 y 9.0.x hasta 9.0.3, y en Symantec Client Security 1.1 y 2.0.x hasta 2.0.3, permite a usuarios locales ejecutar código de su elección mediante una dirección modificada para el argumento de búfer de salida en la función DeviceIOControl. • http://secunia.com/advisories/22536 http://securitytracker.com/id?1017108 http://securitytracker.com/id?1017109 http://www.securityfocus.com/archive/1/449524/100/0/threaded http://www.securityfocus.com/bid/20684 http://www.symantec.com/avcenter/security/Content/2006.10.23.html http://www.vupen.com/english/advisories/2006/4157 https://exchange.xforce.ibmcloud.com/vulnerabilities/29762 •
CVE-2006-5403
https://notcve.org/view.php?id=CVE-2006-5403
Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer basado en pila en el Control de ActiveX usado en Symantec Automated Support Assistant, como el usado en el AntiVirus Norton, en Internet Security y System Works 2005 y 2006, permite a los atacantes remotos con la complicidad del usuario, causar la denegación de servicio (caída) y la posibilidad de ejecutar código de su elección mediante vectores no definidos. • http://secunia.com/advisories/22228 http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html http://securitytracker.com/id?1016988 http://securitytracker.com/id?1016989 http://securitytracker.com/id?1016990 http://securitytracker.com/id?1016991 http://www.kb.cert.org/vuls/id/400601 http://www.securityfocus.com/bid/20348 http://www.vupen.com/english/advisories/2006/3929 https://exchange.xforce.ibmcloud.com/vulnerabilities/29363 •
CVE-2006-5404
https://notcve.org/view.php?id=CVE-2006-5404
Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad no especificada en el Control de ActiveX usado en Symantec Automated Support Assistant, como el usado en el AntiVirus Norton, en Internet Security y System Works 2005 y 2006, permite a los atacantes remotos, con la complicidad del usuario, obtener información sensible mediante vectores no especificados. • http://secunia.com/advisories/22228 http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html http://securitytracker.com/id?1016988 http://securitytracker.com/id?1016989 http://securitytracker.com/id?1016990 http://securitytracker.com/id?1016991 http://www.securityfocus.com/bid/20348 http://www.vupen.com/english/advisories/2006/3929 https://exchange.xforce.ibmcloud.com/vulnerabilities/29366 •
CVE-2006-4855 – Symantec (Multiple Products) - 'SymEvent' Driver Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-4855
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data. El driver \Device\SymEvent en Symantec Norton Personal Firewall 2006 9.1.0.33, y otras versiones del Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, y 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0 y 10.1, Symantec pcAnywhere 11.5 y Symantec Host, permite a usuarios locales provocar una denegación de servicio (caída del sistema) vía una información inválida, como ha sido demostrado llamando a DeviceIoControl para enviar la información. • https://www.exploit-db.com/exploits/28588 http://secunia.com/advisories/21938 http://securityreason.com/securityalert/1591 http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html http://securitytracker.com/id?1016889 http://securitytracker.com/id?1016892 http://securitytracker.com/id?1016893 http://securitytracker.com/id?1016894 http://securitytracker.com/id? • CWE-399: Resource Management Errors •
CVE-2006-4802
https://notcve.org/view.php?id=CVE-2006-4802
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor. Vulnerabilidad de formato de cadena en el servicio Real Time Virus Scan de Symantec AntiVirus Corporate Edition 8.1 a la 10.0, y Client Security 1.x a la 3.0, permite a un usuario local ejecutar código de su elección a través de un vector no espeficicado relacionado con los mensajes de notificación de alertas, un vector diferente a CVE-2006-3454, una "segunda vulnerabilidad de formato de cadena" según lo encontrado por el vendedor. • http://secunia.com/advisories/21884 http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html http://securitytracker.com/id?1016842 http://www.securityfocus.com/archive/1/446293/100/0/threaded http://www.securityfocus.com/bid/19986 https://exchange.xforce.ibmcloud.com/vulnerabilities/28937 •