Credit:
The information has been provided by Symantec Security.
The original article can be found at: http://www.symantec.com/avcenter/security/Content/2006.09.13.html
Affected Products:
* Symantec AntiVirus Corporate Edition versions 10.0, 9.x, and 8.1
* Symantec Client Security versions 3.0, 2.x, 1.x
Unaffected Products:
* Symantec AntiVirus Corporate Edition version 10.1
* Symantec Client Security version 3.1
Deral Heiland of Layered Defense notified Symantec of a format string vulnerability within Symantec AntiVirus Corporate Edition. If successfully exploited, the vulnerability could allow a local attacker to execute code with elevated privileges on the local system.
In addition, Symantec engineers found a second format string vulnerability in the alert notification process. This issue could allow a local user to replace the alert notification message with a format string, which could potentially cause the Real Time Virus Scan service to crash when the notification message is displayed following the detection of a malicious file.
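The defensive pattern for a user-editable notification message, as an added example that is not Symantec's code: the template is copied as data and never handed to a printf-family function as the format argument. The function names and the `[FILE]` and `[VIRUS]` tokens are hypothetical, chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical alert renderer (illustration only, not vendor code).
 * Pattern to avoid: snprintf(out, n, user_template);
 * there, any '%' directive in the user-editable text gets interpreted. */

/* Append len bytes of s to out[n] at *pos; -1 if it would not fit. */
static int append(char *out, size_t n, size_t *pos, const char *s, size_t len)
{
    if (*pos + len >= n) return -1;          /* keep room for the NUL */
    memcpy(out + *pos, s, len);
    *pos += len;
    out[*pos] = '\0';
    return 0;
}

/* Expand only the known tokens; every other byte, '%' included, is literal.
 * Returns 0 on success, -1 if the result does not fit in out[n]. */
int render_alert(char *out, size_t n, const char *tmpl,
                 const char *file, const char *virus)
{
    size_t pos = 0;
    if (n == 0) return -1;
    out[0] = '\0';
    while (*tmpl) {
        const char *val = NULL;
        size_t skip = 1;
        if (strncmp(tmpl, "[FILE]", 6) == 0)       { val = file;  skip = 6; }
        else if (strncmp(tmpl, "[VIRUS]", 7) == 0) { val = virus; skip = 7; }
        if (val ? append(out, n, &pos, val, strlen(val))
                : append(out, n, &pos, tmpl, 1))
            return -1;                       /* truncated: report, do not show */
        tmpl += skip;
    }
    return 0;
}

int main(void)
{
    char buf[128];
    /* Constructed sample template that contains printf directives. */
    const char *tmpl = "Found [VIRUS] in [FILE] %s%x";
    if (render_alert(buf, sizeof buf, tmpl, "a.exe", "Test.Sample") == 0)
        puts(buf);                           /* puts takes no format string */
    return 0;
}
```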
Symantec Response:
Symantec engineers have verified that these vulnerabilities exist in the product versions indicated, and have provided updates to address the issues.
CVE Information:
CVE-2006-3454