CVSS: 6.0EPSS: 0%CPEs: 6EXPL: 0CVE-2007-3800
https://notcve.org/view.php?id=CVE-2007-3800
Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code. Vulnerabilidad no especificada en el componente Real-time scanner (RTVScan) en Symantec AntiVirus Corporate Edition 9.0 hasta la 10.1 y Client Security 2.0 hasta la 3.1, cuando la ventana Notification Message está activada, permite a usuarios locales ganar privilegios a través de código manipulado. • http://osvdb.org/36116 http://secunia.com/advisories/26054 http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html http://www.securityfocus.com/bid/24810 http://www.vupen.com/english/advisories/2007/2506 https://exchange.xforce.ibmcloud.com/vulnerabilities/35352 •
CVSS: 4.3EPSS: 0%CPEs: 41EXPL: 0CVE-2006-3455
https://notcve.org/view.php?id=CVE-2006-3455
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function. El controlador de dispositivo SAVRT.SYS, utilizado en Symantec AntiVirus Corporate Edition 8.1 y 9.0.x hasta 9.0.3, y en Symantec Client Security 1.1 y 2.0.x hasta 2.0.3, permite a usuarios locales ejecutar código de su elección mediante una dirección modificada para el argumento de búfer de salida en la función DeviceIOControl. • http://secunia.com/advisories/22536 http://securitytracker.com/id?1017108 http://securitytracker.com/id?1017109 http://www.securityfocus.com/archive/1/449524/100/0/threaded http://www.securityfocus.com/bid/20684 http://www.symantec.com/avcenter/security/Content/2006.10.23.html http://www.vupen.com/english/advisories/2006/4157 https://exchange.xforce.ibmcloud.com/vulnerabilities/29762 •
CVSS: 4.9EPSS: 0%CPEs: 101EXPL: 2CVE-2006-4855 – Symantec (Multiple Products) - 'SymEvent' Driver Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-4855
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data. El driver \Device\SymEvent en Symantec Norton Personal Firewall 2006 9.1.0.33, y otras versiones del Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, y 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0 y 10.1, Symantec pcAnywhere 11.5 y Symantec Host, permite a usuarios locales provocar una denegación de servicio (caída del sistema) vía una información inválida, como ha sido demostrado llamando a DeviceIoControl para enviar la información. • https://www.exploit-db.com/exploits/28588 http://secunia.com/advisories/21938 http://securityreason.com/securityalert/1591 http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html http://securitytracker.com/id?1016889 http://securitytracker.com/id?1016892 http://securitytracker.com/id?1016893 http://securitytracker.com/id?1016894 http://securitytracker.com/id? • CWE-399: Resource Management Errors •
CVSS: 4.6EPSS: 2%CPEs: 40EXPL: 0CVE-2006-4802
https://notcve.org/view.php?id=CVE-2006-4802
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor. Vulnerabilidad de formato de cadena en el servicio Real Time Virus Scan de Symantec AntiVirus Corporate Edition 8.1 a la 10.0, y Client Security 1.x a la 3.0, permite a un usuario local ejecutar código de su elección a través de un vector no espeficicado relacionado con los mensajes de notificación de alertas, un vector diferente a CVE-2006-3454, una "segunda vulnerabilidad de formato de cadena" según lo encontrado por el vendedor. • http://secunia.com/advisories/21884 http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html http://securitytracker.com/id?1016842 http://www.securityfocus.com/archive/1/446293/100/0/threaded http://www.securityfocus.com/bid/19986 https://exchange.xforce.ibmcloud.com/vulnerabilities/28937 •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2006-3454
https://notcve.org/view.php?id=CVE-2006-3454
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. Múltiples vulnerabilidades de cadenas de formato en Symantec AntiVirus Corporate Edition 8.1 hasta 10.0, y Client Security 1.x hasta 3.0, permiten a usuarios locales ejecutar código de su elección mediante cadenas de formato en (1) Protección de Alteración en el Cliente (Tamper Protection) y (2) Mensajes de Notificación de Alerta de Virus. • http://layereddefense.com/SAV13SEPT.html http://secunia.com/advisories/21884 http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html http://securitytracker.com/id?1016842 http://www.securityfocus.com/archive/1/446041/100/0/threaded http://www.securityfocus.com/archive/1/446293/100/0/threaded http://www.securityfocus.com/bid/19986 http://www.vupen.com/english/advisories/2006/3599 https://exchange.xforce.ibmcloud.com/vulnerabilities/28936 •