Vulnerability-Lookup

CVE-2006-3454 (GCVE-0-2006-3454)

Vulnerability from cvelistv5 – Published: 2006-09-14 00:00 – Updated: 2024-08-07 18:30

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GSD-2006-3454

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3454

Aliases

CVE-2006-3454

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3454",
    "description": "Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.",
    "id": "GSD-2006-3454"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3454"
      ],
      "details": "Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.",
      "id": "GSD-2006-3454",
      "modified": "2023-12-13T01:19:57.335835Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3454",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1016842",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016842"
          },
          {
            "name": "symantecantivirus-messages-code-execution(28936)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28936"
          },
          {
            "name": "20060914 Layered Defense Advisory :Symantec AntiVirus Corporate Edition Format String Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/446041/100/0/threaded"
          },
          {
            "name": "http://layereddefense.com/SAV13SEPT.html",
            "refsource": "MISC",
            "url": "http://layereddefense.com/SAV13SEPT.html"
          },
          {
            "name": "19986",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19986"
          },
          {
            "name": "21884",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21884"
          },
          {
            "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html",
            "refsource": "CONFIRM",
            "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html"
          },
          {
            "name": "ADV-2006-3599",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3599"
          },
          {
            "name": "20060918 Symantec Security Advisory: Symantec AntiVirus Corporate Edition",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/446293/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:corporate:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:corporate:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:corporate:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:8.1:*:corporate:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:corporate:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3454"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html"
            },
            {
              "name": "http://layereddefense.com/SAV13SEPT.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://layereddefense.com/SAV13SEPT.html"
            },
            {
              "name": "19986",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/19986"
            },
            {
              "name": "21884",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21884"
            },
            {
              "name": "1016842",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016842"
            },
            {
              "name": "ADV-2006-3599",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3599"
            },
            {
              "name": "symantecantivirus-messages-code-execution(28936)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28936"
            },
            {
              "name": "20060918 Symantec Security Advisory: Symantec AntiVirus Corporate Edition",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/446293/100/0/threaded"
            },
            {
              "name": "20060914 Layered Defense Advisory :Symantec AntiVirus Corporate Edition Format String Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/446041/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:47Z",
      "publishedDate": "2006-09-14T00:07Z"
    }
  }
}

VAR-200609-0008

Vulnerability from variot - Updated: 2025-04-03 22:25

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. Symantec AntiVirus Corporate Edition is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function. Successfully exploiting these vulnerabilities may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges. Attackers may also crash the Real Time Virus Scan service. Symantec AntiVirus is a very popular antivirus solution.

Want to work within IT-Security?

Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.

2) Another format string error exists in the alert notification process when displaying a notification message upon detection of a malicious file.

SOLUTION: Apply patches (see patch matrix in vendor advisory).

PROVIDED AND/OR DISCOVERED BY: 1) David Heiland, Layered Defense. 2) Reported by the vendor

ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html

Layered Defense: http://layereddefense.com/SAV13SEPT.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. 09/13/2006 \x96 Vendor Public disclosure. ================================================== 6) Credits Discovered by Deral Heiland, www.LayeredDefense.com ================================================== 7) References CVE Reference: CVE-2006-3454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3454 ================================================== 9) About Layered Defense Layered Defense, Is a group of security professionals that work together on ethical Research, Testing and Training within the information security arena. http://www.layereddefense.com ==================================================

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . http://www.layereddefense.com ==================================================

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0008",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "2.0"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.0"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "2.0.3"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.0.1"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "2.0.2"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "2.0.1"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "8.1"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "9.0.2"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "1.1.1"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "1.1"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "1.0.1"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "1.0"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2.0.4"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "1.x to  3.0"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "corporate edition 8.1 to  10.0"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.2.2011"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.2.2010"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.2.2002"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.2.2001"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.2.2000"
      },
      {
        "model": "client security mr3 b9.0.3.1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2.0.3"
      },
      {
        "model": "client security mr2 b9.0.2.1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2.0.2"
      },
      {
        "model": "client security mr1 b9.0.1.1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2.0.1"
      },
      {
        "model": "client security stm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2.09.0.0.338"
      },
      {
        "model": "client security (scf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2.07.1)"
      },
      {
        "model": "client security mr5 build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.1.18.1.1.336"
      },
      {
        "model": "client security mr4 build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.1.18.1.1.329"
      },
      {
        "model": "client security mr3 build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.1.18.1.1.323"
      },
      {
        "model": "client security mr2 build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.1.18.1.1.319"
      },
      {
        "model": "client security mr1 build 8.1.1.314a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.1.1"
      },
      {
        "model": "client security mr6 b8.1.1.266",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.1.1"
      },
      {
        "model": "client security stm b8.1.0.825a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.1"
      },
      {
        "model": "client security mr8 build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0.18.01.471"
      },
      {
        "model": "client security mr7 build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0.18.01.464"
      },
      {
        "model": "client security mr6 build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0.18.01.460"
      },
      {
        "model": "client security mr5 build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0.18.01.457"
      },
      {
        "model": "client security mr4 build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0.18.01.446"
      },
      {
        "model": "client security mr3 build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0.18.01.434"
      },
      {
        "model": "client security build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0.18.01.437"
      },
      {
        "model": "client security mr9 b8.01.501",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0.1"
      },
      {
        "model": "client security mr2 b8.01.429c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0.1"
      },
      {
        "model": "client security mr1 b8.01.425a/b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0.1"
      },
      {
        "model": "client security b8.01.9378",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0.0"
      },
      {
        "model": "client security b8.01.9374",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.0"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2.2011"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2.2010"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2.2002"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2.2001"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2.2000"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.5"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.4"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.3.1000"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.2.1000"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.1.1.1000"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.0.338"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0"
      },
      {
        "model": "antivirus corporate edition build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.18.1.1.329"
      },
      {
        "model": "antivirus corporate edition build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.18.1.1.323"
      },
      {
        "model": "antivirus corporate edition build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.18.1.1.319"
      },
      {
        "model": "antivirus corporate edition build 8.1.1.314a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.1"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.1.377"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.1.366"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.1"
      },
      {
        "model": "antivirus corporate edition build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.18.01.471"
      },
      {
        "model": "antivirus corporate edition build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.18.01.464"
      },
      {
        "model": "antivirus corporate edition build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.18.01.460"
      },
      {
        "model": "antivirus corporate edition build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.18.01.457"
      },
      {
        "model": "antivirus corporate edition build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.18.01.446"
      },
      {
        "model": "antivirus corporate edition build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.18.01.437"
      },
      {
        "model": "antivirus corporate edition build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.18.01.434"
      },
      {
        "model": "antivirus corporate edition .0.825a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1"
      },
      {
        "model": "client security",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.2.2020"
      },
      {
        "model": "client security build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2.0.51100"
      },
      {
        "model": "client security build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "1.1.1393"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "10.0.2.2020"
      },
      {
        "model": "antivirus corporate edition",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "9.0.5.1100"
      },
      {
        "model": "antivirus corporate edition build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "8.1.1393"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "19986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002728"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-205"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3454"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:symantec:client_security",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:symantec:norton_antivirus",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002728"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Deral Heiland http://www.layereddefense.com/",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-205"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-3454",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2006-3454",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-19562",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-3454",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-3454",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200609-205",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-19562",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002728"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-205"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3454"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. Symantec AntiVirus Corporate Edition is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function. \nSuccessfully exploiting these vulnerabilities may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges. Attackers may also crash the Real Time Virus Scan service. Symantec AntiVirus is a very popular antivirus solution. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\n2) Another format string error exists in the alert notification\nprocess when displaying a notification message upon detection of a\nmalicious file. \n\nSOLUTION:\nApply patches (see patch matrix in vendor advisory). \n\nPROVIDED AND/OR DISCOVERED BY:\n1) David Heiland, Layered Defense. \n2) Reported by the vendor\n\nORIGINAL ADVISORY:\nSymantec:\nhttp://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html\n\nLayered Defense:\nhttp://layereddefense.com/SAV13SEPT.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n09/13/2006 \\x96 Vendor Public disclosure. \n==================================================\n6) Credits\nDiscovered by Deral Heiland, www.LayeredDefense.com\n==================================================\n7) References\nCVE Reference:\nCVE-2006-3454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3454\n==================================================\n9) About Layered Defense\nLayered Defense, Is a group of security \nprofessionals that work together on ethical \nResearch, Testing and Training within the information security arena. \nhttp://www.layereddefense.com\n==================================================\n\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nhttp://www.layereddefense.com\n================================================== \n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002728"
      },
      {
        "db": "BID",
        "id": "19986"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19562"
      },
      {
        "db": "PACKETSTORM",
        "id": "50042"
      },
      {
        "db": "PACKETSTORM",
        "id": "50052"
      },
      {
        "db": "PACKETSTORM",
        "id": "50093"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-19562",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19562"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-3454",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "19986",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "21884",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3599",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1016842",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002728",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-205",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060918 SYMANTEC SECURITY ADVISORY: SYMANTEC ANTIVIRUS CORPORATE EDITION",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060914 LAYERED DEFENSE ADVISORY :SYMANTEC ANTIVIRUS CORPORATE EDITION FORMAT STRING VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "28936",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "50093",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-19562",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50042",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50052",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19562"
      },
      {
        "db": "BID",
        "id": "19986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002728"
      },
      {
        "db": "PACKETSTORM",
        "id": "50042"
      },
      {
        "db": "PACKETSTORM",
        "id": "50052"
      },
      {
        "db": "PACKETSTORM",
        "id": "50093"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-205"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3454"
      }
    ]
  },
  "id": "VAR-200609-0008",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19562"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:25:57.172000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM06-017",
        "trust": 0.8,
        "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002728"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3454"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://securityresponse.symantec.com/avcenter/security/content/2006.09.13.html"
      },
      {
        "trust": 1.8,
        "url": "http://layereddefense.com/sav13sept.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/19986"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016842"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/21884"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/446041/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/446293/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/3599"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28936"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3454"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3454"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/3599"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/28936"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/446293/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/446041/100/0/threaded"
      },
      {
        "trust": 0.4,
        "url": "http://www.layereddefense.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com/products/enterprise?c=prodinfo\u0026refid=805"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/446041"
      },
      {
        "trust": 0.2,
        "url": "http://www.symantec.com/avcenter/security/content/2006.09.13.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/quality_assurance_analyst/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3549/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6649/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3478/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2344/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5555/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/659/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/web_application_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21884/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3454"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19562"
      },
      {
        "db": "BID",
        "id": "19986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002728"
      },
      {
        "db": "PACKETSTORM",
        "id": "50042"
      },
      {
        "db": "PACKETSTORM",
        "id": "50052"
      },
      {
        "db": "PACKETSTORM",
        "id": "50093"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-205"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3454"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-19562"
      },
      {
        "db": "BID",
        "id": "19986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002728"
      },
      {
        "db": "PACKETSTORM",
        "id": "50042"
      },
      {
        "db": "PACKETSTORM",
        "id": "50052"
      },
      {
        "db": "PACKETSTORM",
        "id": "50093"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-205"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3454"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-09-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19562"
      },
      {
        "date": "2006-09-13T00:00:00",
        "db": "BID",
        "id": "19986"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-002728"
      },
      {
        "date": "2006-09-14T22:28:53",
        "db": "PACKETSTORM",
        "id": "50042"
      },
      {
        "date": "2006-09-14T23:06:11",
        "db": "PACKETSTORM",
        "id": "50052"
      },
      {
        "date": "2006-09-16T06:52:54",
        "db": "PACKETSTORM",
        "id": "50093"
      },
      {
        "date": "2006-09-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-205"
      },
      {
        "date": "2006-09-14T00:07:00",
        "db": "NVD",
        "id": "CVE-2006-3454"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19562"
      },
      {
        "date": "2016-07-05T21:38:00",
        "db": "BID",
        "id": "19986"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-002728"
      },
      {
        "date": "2006-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200609-205"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2006-3454"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "19986"
      },
      {
        "db": "PACKETSTORM",
        "id": "50042"
      },
      {
        "db": "PACKETSTORM",
        "id": "50052"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-205"
      }
    ],
    "trust": 1.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec AntiVirus Corporate Edition Format string vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-002728"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "format string",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200609-205"
      }
    ],
    "trust": 0.6
  }
}

GHSA-7W82-PWGM-97M7

Vulnerability from github – Published: 2022-05-01 07:09 – Updated: 2022-05-01 07:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3454"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-09-14T00:07:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.",
  "id": "GHSA-7w82-pwgm-97m7",
  "modified": "2022-05-01T07:09:18Z",
  "published": "2022-05-01T07:09:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3454"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28936"
    },
    {
      "type": "WEB",
      "url": "http://layereddefense.com/SAV13SEPT.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21884"
    },
    {
      "type": "WEB",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016842"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446041/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446293/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19986"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3599"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2006-3454

Vulnerability from fkie_nvd - Published: 2006-09-14 00:07 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://layereddefense.com/SAV13SEPT.html
cve@mitre.org	http://secunia.com/advisories/21884
cve@mitre.org	http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016842
cve@mitre.org	http://www.securityfocus.com/archive/1/446041/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/446293/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/19986
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3599
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/28936
af854a3a-2127-422b-91ae-364da2661108	http://layereddefense.com/SAV13SEPT.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21884
af854a3a-2127-422b-91ae-364da2661108	http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016842
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/446041/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/446293/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19986
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3599
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28936

Impacted products

Vendor	Product	Version
symantec	client_security	1.0
symantec	client_security	1.0.1
symantec	client_security	1.1
symantec	client_security	1.1.1
symantec	client_security	2.0
symantec	client_security	2.0.1
symantec	client_security	2.0.2
symantec	client_security	2.0.3
symantec	client_security	2.0.4
symantec	client_security	3.0
symantec	norton_antivirus	8.1
symantec	norton_antivirus	9.0
symantec	norton_antivirus	9.0.1
symantec	norton_antivirus	9.0.2
symantec	norton_antivirus	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DFD4CB-40A1-4D70-97AC-0941826F28CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C856CC4-0AAE-4539-A57B-0160AA5751F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7483F6DD-EDC0-497E-A5A9-B186E02CCCEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA2590E-DFB0-4B72-99BC-B49AD97A4969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DDD0E02-306D-4675-B73A-2C2F619CDDCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "251E7DE8-4485-438E-B62D-1BF508ECCCF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "742DB20E-AB26-4CF4-A383-BDCF3FBA448F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E4BCD7-E441-417A-8C52-E1DE80AD67CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D86F7A-F2C0-471C-8EA8-E1C7230F25AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "844A6963-F60C-4D48-8445-9056C99201D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "3AA02AEB-362B-4A09-92E3-D6D8BB4B6CB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "D9E85FD6-9E89-4497-854C-60A20639CE52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "2860637E-6FA5-445A-86B5-E9F2D2D7DD37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "4B9AED5E-2D66-4EB2-95CC-158D909AAE6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:corporate:*:*:*:*:*",
              "matchCriteriaId": "CAC5389A-8B18-40C4-A3E0-E50B6AA724FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de cadenas de formato en Symantec AntiVirus Corporate Edition 8.1 hasta 10.0, y Client Security 1.x hasta 3.0, permiten a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n mediante cadenas de formato en (1) Protecci\u00f3n de Alteraci\u00f3n en el Cliente (Tamper Protection) y (2) Mensajes de Notificaci\u00f3n de Alerta de Virus."
    }
  ],
  "id": "CVE-2006-3454",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-14T00:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://layereddefense.com/SAV13SEPT.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21884"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016842"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446041/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446293/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19986"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3599"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://layereddefense.com/SAV13SEPT.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016842"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446041/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446293/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28936"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2006-AVI-394

Vulnerability from certfr_avis - Published: 2006-09-14 - Updated: 2006-09-14

Deux vulnérabilités permettant respectivement d'exécuter du code arbitraire à distance ou de provoquer un déni de service ont été découverte dans le logiciel antivirus de Symantec.

Description

Deux vulnérabilités ont été découvertes dans les suites logicielles antivirus de Symantec :

la première vulnérabilité résulte d'une erreur dans le traitement d'un message de notification malformé. Un utilisateur mal intentionné peut, grâce à un message spécialement construit, exécuter des commandes arbitraires à distance. Ces commandes sont exécutées avec les privilèges SYSTEM ;
la seconde vulnérabilité est présente au niveau du module de vérification en temps réel. Cette vulnérabilité peut être exploitée par l'intermédiaire d'un message de notification spécialement construit, conduisant alors à un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Symantec	N/A	Symantec Client Security 2.x ;
Symantec	N/A	Symantec AntiVirus Corporate Edition 10.0 ;
Symantec	N/A	Symantec AntiVirus Corporate Edition 9.x ;
Symantec	N/A	Symantec Client Security 1.x.
Symantec	N/A	Symantec AntiVirus Corporate Edition 8.1 ;
Symantec	N/A	Symantec Client Security 3.0 ;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3454 (GCVE-0-2006-3454)

GSD-2006-3454

VAR-200609-0008

GHSA-7W82-PWGM-97M7

FKIE_CVE-2006-3454

CERTA-2006-AVI-394

Description

Solution

Tags

Sightings

Nomenclature