CVE-2006-3455 Information

Description

The SAVRT.SYS device driver as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3 and Symantec Client Security 1.1 and 2.0.x up to 2.0.3 allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.

Reference

http://secunia.com/advisories/22536 http://securitytracker.com/id?1017108 http://securitytracker.com/id?1017109 http://www.securityfocus.com/archive/1/449524/100/0/threaded http://www.securityfocus.com/bid/20684 http://www.symantec.com/avcenter/security/Content/2006.10.23.html http://www.vupen.com/english/advisories/2006/4157 https://exchange.xforce.ibmcloud.com/vulnerabilities/29762