CVE-2006-3455

Sažetak

The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.

Reference

http://secunia.com/advisories/22536
http://securitytracker.com/id?1017108
http://securitytracker.com/id?1017109
http://www.securityfocus.com/archive/1/449524/100/0/threaded
http://www.securityfocus.com/bid/20684
http://www.symantec.com/avcenter/security/Content/2006.10.23.html
http://www.vupen.com/english/advisories/2006/4157
https://exchange.xforce.ibmcloud.com/vulnerabilities/29762

CVSS

Base:	4.3
Impact:	6.4
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-10-2018 - 16:47

Objavljeno

23-10-2006 - 20:07