CVE-2006-3454 Information

Description

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0 and Client Security 1.x up to 3.0 allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.

Reference

http://layereddefense.com/SAV13SEPT.html http://secunia.com/advisories/21884 http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html http://securitytracker.com/id?1016842 http://www.securityfocus.com/archive/1/446041/100/0/threaded http://www.securityfocus.com/archive/1/446293/100/0/threaded http://www.securityfocus.com/bid/19986 http://www.vupen.com/english/advisories/2006/3599 https://exchange.xforce.ibmcloud.com/vulnerabilities/28936