What is the severity of CVE-2006-3072?

CVE-2006-3072 is classified as a high-severity vulnerability due to its potential to allow arbitrary command execution.

How do I fix CVE-2006-3072?

To fix CVE-2006-3072, upgrade to Symantec Security Information Manager version 4.0.2.29 HOTFIX 1 or later.

Who is affected by CVE-2006-3072?

CVE-2006-3072 affects local users of Symantec Security Information Manager versions prior to 4.0.2.29 HOTFIX 1.

What type of attacks can CVE-2006-3072 facilitate?

CVE-2006-3072 can facilitate local attacks that execute arbitrary commands on the system.

What product does CVE-2006-3072 involve?

CVE-2006-3072 involves the M4 Macro Library in various versions of Symantec Security Information Manager.

Vulnerability/
CVE-2006-3072

medium

4.6

CWE

NVD-CWE-Other

19/6/2006

7/8/2024

CVE-2006-3072

First published: Mon Jun 19 2006(Updated: )

M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Symantec Security Information Manager	=4.0.2.25
Symantec Security Information Manager	=4.0.2.14
Symantec Security Information Manager	=4.0.2.1
Symantec Security Information Manager	=4.0.2.11
Symantec Security Information Manager	=4.0.2.28
Symantec Security Information Manager	=4.0.2.24
Symantec Security Information Manager	=4.0.2.2
Symantec Security Information Manager	=4.0.2.22
Symantec Security Information Manager	=4.0.2.19
Symantec Security Information Manager	=4.0.2.27
Symantec Security Information Manager	=4.0.2.5
Symantec Security Information Manager	=4.0.2.17
Symantec Security Information Manager	=4.0.2.21
Symantec Security Information Manager	=4.0.2.8
Symantec Security Information Manager	=4.0.2.15
Symantec Security Information Manager	=4.0.2.12
Symantec Security Information Manager	=4.0.2.7
Symantec Security Information Manager	=4.0.2.23
Symantec Security Information Manager	=4.0.2.13
Symantec Security Information Manager	=4.0.2.6
Symantec Security Information Manager	=4.0.2.3
Symantec Security Information Manager	=4.0.2.18
Symantec Security Information Manager	=4.0.2.16
Symantec Security Information Manager	=4.0.2.4
Symantec Security Information Manager	=4.0.2.10
Symantec Security Information Manager	=4.0.2
Symantec Security Information Manager	=4.0.2.29
Symantec Security Information Manager	=4.0.2.9
Symantec Security Information Manager	=4.0.2.26
Symantec Security Information Manager	=4.0.2.20

Remedy

http://secunia.com/advisories/20647

Remedy

http://securitytracker.com/id?1016296

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-3072?
CVE-2006-3072 is classified as a high-severity vulnerability due to its potential to allow arbitrary command execution.
How do I fix CVE-2006-3072?
To fix CVE-2006-3072, upgrade to Symantec Security Information Manager version 4.0.2.29 HOTFIX 1 or later.
Who is affected by CVE-2006-3072?
CVE-2006-3072 affects local users of Symantec Security Information Manager versions prior to 4.0.2.29 HOTFIX 1.
What type of attacks can CVE-2006-3072 facilitate?
CVE-2006-3072 can facilitate local attacks that execute arbitrary commands on the system.
What product does CVE-2006-3072 involve?
CVE-2006-3072 involves the M4 Macro Library in various versions of Symantec Security Information Manager.

collector/nvd-historical
vendor/symantec
product/security information manager
canonical/symantec security information manager
collector/nvd-index
agent/type
agent/references
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/source
version/symantec security information manager/4.0.2.25
version/symantec security information manager/4.0.2.14
version/symantec security information manager/4.0.2.1
version/symantec security information manager/4.0.2.11
version/symantec security information manager/4.0.2.28
version/symantec security information manager/4.0.2.24
version/symantec security information manager/4.0.2.2
version/symantec security information manager/4.0.2.22
version/symantec security information manager/4.0.2.19
version/symantec security information manager/4.0.2.27
version/symantec security information manager/4.0.2.5
version/symantec security information manager/4.0.2.17
version/symantec security information manager/4.0.2.21
version/symantec security information manager/4.0.2.8
version/symantec security information manager/4.0.2.15
version/symantec security information manager/4.0.2.12
version/symantec security information manager/4.0.2.7
version/symantec security information manager/4.0.2.23
version/symantec security information manager/4.0.2.13
version/symantec security information manager/4.0.2.6
version/symantec security information manager/4.0.2.3
version/symantec security information manager/4.0.2.18
version/symantec security information manager/4.0.2.16
version/symantec security information manager/4.0.2.4
version/symantec security information manager/4.0.2.10
version/symantec security information manager/4.0.2
version/symantec security information manager/4.0.2.29
version/symantec security information manager/4.0.2.9
version/symantec security information manager/4.0.2.26
version/symantec security information manager/4.0.2.20

CVE-2006-3072

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-3072?

How do I fix CVE-2006-3072?

Who is affected by CVE-2006-3072?

What type of attacks can CVE-2006-3072 facilitate?

What product does CVE-2006-3072 involve?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2006-3072?

How do I fix CVE-2006-3072?

Who is affected by CVE-2006-3072?

What type of attacks can CVE-2006-3072 facilitate?

What product does CVE-2006-3072 involve?