ID

VAR-200609-0008

CVE

CVE-2006-3454

TITLE

Symantec AntiVirus Corporate Edition Format string vulnerability

DESCRIPTION

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. Symantec AntiVirus Corporate Edition is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function. Successfully exploiting these vulnerabilities may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges. Attackers may also crash the Real Time Virus Scan service. Symantec AntiVirus is a very popular antivirus solution. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. 2) Another format string error exists in the alert notification process when displaying a notification message upon detection of a malicious file. SOLUTION: Apply patches (see patch matrix in vendor advisory). PROVIDED AND/OR DISCOVERED BY: 1) David Heiland, Layered Defense. 2) Reported by the vendor ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html Layered Defense: http://layereddefense.com/SAV13SEPT.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . 09/13/2006 \x96 Vendor Public disclosure. ================================================== 6) Credits Discovered by Deral Heiland, www.LayeredDefense.com ================================================== 7) References CVE Reference: CVE-2006-3454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3454 ================================================== 9) About Layered Defense Layered Defense, Is a group of security professionals that work together on ethical Research, Testing and Training within the information security arena. http://www.layereddefense.com ================================================== _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . http://www.layereddefense.com ==================================================

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

format string

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Deral Heiland http://www.layereddefense.com/

SOURCES

LAST UPDATE DATE

2024-08-14T14:47:53.728000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE