CVE-2006-4802

Severity: Unknown | EPSS: 0.45%

Last modified

CVE-2006-4802 is a vulnerability of currently unknown severity. Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor. EPSS estimates a 0.45% chance of exploitation in the next 30 days.

Description

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.

Metrics

EPSS Probability
0.45%

35.9th percentile

Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Versions | Update |
|---|---|---|---|
| Symantec | Client Security | 1.0 | |
| Symantec | Client Security | 1.0.1 | |
| Symantec | Client Security | 1.0.1_build_8.01.434 | Mr3 |
| Symantec | Client Security | 1.0.1_build_8.01.437 | |
| Symantec | Client Security | 1.0.1_build_8.01.446 | Mr4 |
| Symantec | Client Security | 1.0.1_build_8.01.457 | Mr5 |
| Symantec | Client Security | 1.0.1_build_8.01.460 | Mr6 |
| Symantec | Client Security | 1.0.1_build_8.01.464 | Mr7 |
| Symantec | Client Security | 1.0.1_build_8.01.471 | Mr8 |
| Symantec | Client Security | 1.1 | |
| Symantec | Client Security | 1.1.1 | |
| Symantec | Client Security | 1.1.1_mr1_build_8.1.1.314a | |
| Symantec | Client Security | 1.1.1_mr2_build_8.1.1.319 | |
| Symantec | Client Security | 1.1.1_mr3_build_8.1.1.323 | |
| Symantec | Client Security | 1.1.1_mr4_build_8.1.1.329 | |
| Symantec | Client Security | 1.1.1_mr5_build_8.1.1.336 | |
| Symantec | Client Security | 1.2 | |
| Symantec | Client Security | 1.3 | |
| Symantec | Client Security | 1.4 | |
| Symantec | Client Security | 1.5 | |
| Symantec | Client Security | 1.6 | |
| Symantec | Client Security | 1.7 | |
| Symantec | Client Security | 1.8 | |
| Symantec | Client Security | 1.9 | |
| Symantec | Client Security | 2.0 | |
| Symantec | Client Security | 2.0.1 | |
| Symantec | Client Security | 2.0.2 | |
| Symantec | Client Security | 2.0.3 | |
| Symantec | Client Security | 2.0.4 | |
| Symantec | Norton Antivirus | 8.1 | |
| Symantec | Norton Antivirus | 8.1.1.319 | |
| Symantec | Norton Antivirus | 8.1.1.323 | |
| Symantec | Norton Antivirus | 8.1.1.329 | |
| Symantec | Norton Antivirus | 8.1.1_build8.1.1.314a | |
| Symantec | Norton Antivirus | 9.0 | |
| Symantec | Norton Antivirus | 9.0.1 | |
| Symantec | Norton Antivirus | 9.0.1.1.1000 | |
| Symantec | Norton Antivirus | 9.0.1.1000 | |
| Symantec | Norton Antivirus | 9.0.2 | |
| Symantec | Norton Antivirus | 9.0.4 | |

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2006-4802?
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.
How severe is CVE-2006-4802?
Severity scoring for CVE-2006-4802 is pending analysis. The EPSS model estimates a 0.45% probability of exploitation in the next 30 days.
How do I fix CVE-2006-4802?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST