CVSS: 4.3EPSS: 0%CPEs: 41EXPL: 0CVE-2006-3455
https://notcve.org/view.php?id=CVE-2006-3455
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function. El controlador de dispositivo SAVRT.SYS, utilizado en Symantec AntiVirus Corporate Edition 8.1 y 9.0.x hasta 9.0.3, y en Symantec Client Security 1.1 y 2.0.x hasta 2.0.3, permite a usuarios locales ejecutar código de su elección mediante una dirección modificada para el argumento de búfer de salida en la función DeviceIOControl. • http://secunia.com/advisories/22536 http://securitytracker.com/id?1017108 http://securitytracker.com/id?1017109 http://www.securityfocus.com/archive/1/449524/100/0/threaded http://www.securityfocus.com/bid/20684 http://www.symantec.com/avcenter/security/Content/2006.10.23.html http://www.vupen.com/english/advisories/2006/4157 https://exchange.xforce.ibmcloud.com/vulnerabilities/29762 •
CVSS: 4.9EPSS: 0%CPEs: 101EXPL: 2CVE-2006-4855 – Symantec (Multiple Products) - 'SymEvent' Driver Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-4855
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data. El driver \Device\SymEvent en Symantec Norton Personal Firewall 2006 9.1.0.33, y otras versiones del Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, y 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0 y 10.1, Symantec pcAnywhere 11.5 y Symantec Host, permite a usuarios locales provocar una denegación de servicio (caída del sistema) vía una información inválida, como ha sido demostrado llamando a DeviceIoControl para enviar la información. • https://www.exploit-db.com/exploits/28588 http://secunia.com/advisories/21938 http://securityreason.com/securityalert/1591 http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html http://securitytracker.com/id?1016889 http://securitytracker.com/id?1016892 http://securitytracker.com/id?1016893 http://securitytracker.com/id?1016894 http://securitytracker.com/id? • CWE-399: Resource Management Errors •
CVSS: 4.6EPSS: 2%CPEs: 40EXPL: 0CVE-2006-4802
https://notcve.org/view.php?id=CVE-2006-4802
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor. Vulnerabilidad de formato de cadena en el servicio Real Time Virus Scan de Symantec AntiVirus Corporate Edition 8.1 a la 10.0, y Client Security 1.x a la 3.0, permite a un usuario local ejecutar código de su elección a través de un vector no espeficicado relacionado con los mensajes de notificación de alertas, un vector diferente a CVE-2006-3454, una "segunda vulnerabilidad de formato de cadena" según lo encontrado por el vendedor. • http://secunia.com/advisories/21884 http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html http://securitytracker.com/id?1016842 http://www.securityfocus.com/archive/1/446293/100/0/threaded http://www.securityfocus.com/bid/19986 https://exchange.xforce.ibmcloud.com/vulnerabilities/28937 •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2006-3454
https://notcve.org/view.php?id=CVE-2006-3454
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. Múltiples vulnerabilidades de cadenas de formato en Symantec AntiVirus Corporate Edition 8.1 hasta 10.0, y Client Security 1.x hasta 3.0, permiten a usuarios locales ejecutar código de su elección mediante cadenas de formato en (1) Protección de Alteración en el Cliente (Tamper Protection) y (2) Mensajes de Notificación de Alerta de Virus. • http://layereddefense.com/SAV13SEPT.html http://secunia.com/advisories/21884 http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html http://securitytracker.com/id?1016842 http://www.securityfocus.com/archive/1/446041/100/0/threaded http://www.securityfocus.com/archive/1/446293/100/0/threaded http://www.securityfocus.com/bid/19986 http://www.vupen.com/english/advisories/2006/3599 https://exchange.xforce.ibmcloud.com/vulnerabilities/28936 •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2005-0922
https://notcve.org/view.php?id=CVE-2005-0922
Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type. • http://secunia.com/advisories/14741 http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html http://securitytracker.com/id?1013585 http://securitytracker.com/id?1013586 http://securitytracker.com/id?1013587 http://www.kb.cert.org/vuls/id/146020 http://www.securityfocus.com/bid/12923 •