[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-4855Date: (C)2006-09-19   (M)2023-12-22


The DeviceSymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 3.9
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECTRACK-1016889
SECTRACK-1016892
SECTRACK-1016893
SECTRACK-1016894
SECTRACK-1016895
SECTRACK-1016896
SECTRACK-1016897
SECTRACK-1016898
SREASON-1591
BID-20051
http://www.securityfocus.com/archive/1/archive/1/446111/100/0/threaded
SECUNIA-21938
ADV-2006-3636
http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html
http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php
symantec-firewall-symevent-dos(28960)

CPE    20
cpe:/a:symantec:client_security:1.0.1_build_8.01.501:mr9
cpe:/a:symantec:client_security:1.1.1
cpe:/a:symantec:client_security:1.0.1_build_8.01.425a:mr1
cpe:/a:symantec:client_security:1.0.1_build_8.01.457:mr5
...
CWE    1
CWE-399

© SecPod Technologies