CVE-2006-3454
First published: Thu Sep 14 2006(Updated: )
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Client Security | =3.0 | |
| Symantec Client Security | =1.0.1 | |
| Symantec Norton Antivirus with Backup | =9.0.2 | |
| Symantec Client Security | =2.0.4 | |
| Symantec Norton Antivirus with Backup | =10.0 | |
| Symantec Client Security | =1.1.1 | |
| Symantec Norton Antivirus with Backup | =9.0.1 | |
| Symantec Client Security | =1.1 | |
| Symantec Client Security | =2.0 | |
| Symantec Client Security | =2.0.3 | |
| Symantec Norton Antivirus with Backup | =8.1 | |
| Symantec Norton Antivirus with Backup | =9.0 | |
| Symantec Client Security | =2.0.2 | |
| Symantec Client Security | =2.0.1 | |
| Symantec Client Security | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
- http://layereddefense.com/SAV13SEPT.html
- http://www.securityfocus.com/bid/19986
- http://secunia.com/advisories/21884
- http://securitytracker.com/id?1016842
- http://www.vupen.com/english/advisories/2006/3599
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28936
- http://www.securityfocus.com/archive/1/446293/100/0/threaded
- http://www.securityfocus.com/archive/1/446041/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3454?
CVE-2006-3454 has a high severity due to its potential to allow local users to execute arbitrary code.
How do I fix CVE-2006-3454?
To fix CVE-2006-3454, users should upgrade to the latest version of Symantec AntiVirus or Client Security that addresses this vulnerability.
What software is affected by CVE-2006-3454?
CVE-2006-3454 affects Symantec AntiVirus Corporate Edition versions 8.1 to 10.0 and Symantec Client Security versions 1.x to 3.0.
What are the consequences of CVE-2006-3454?
The consequences of CVE-2006-3454 include the risk of arbitrary code execution, which may lead to unauthorized access or control over the system.
Who can exploit CVE-2006-3454?
Local users can exploit the vulnerabilities in CVE-2006-3454 by using specially crafted format strings.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/symantec
- canonical/symantec client security
- version/symantec client security/3.0
- version/symantec client security/1.0.1
- canonical/symantec norton antivirus with backup
- version/symantec norton antivirus with backup/9.0.2
- version/symantec client security/2.0.4
- version/symantec norton antivirus with backup/10.0
- version/symantec client security/1.1.1
- version/symantec norton antivirus with backup/9.0.1
- version/symantec client security/1.1
- version/symantec client security/2.0
- version/symantec client security/2.0.3
- version/symantec norton antivirus with backup/8.1
- version/symantec norton antivirus with backup/9.0
- version/symantec client security/2.0.2
- version/symantec client security/2.0.1
- version/symantec client security/1.0