CVE-2006-4802 Information

Description

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0 and Client Security 1.x up to 3.0 allows local users to execute arbitrary code via an unspecified vector related to alert notification messages a different vector than CVE-2006-3454 a \second format string vulnerability\ as found by the vendor.

Reference

http://secunia.com/advisories/21884 http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html http://securitytracker.com/id?1016842 http://www.securityfocus.com/archive/1/446293/100/0/threaded http://www.securityfocus.com/bid/19986 https://exchange.xforce.ibmcloud.com/vulnerabilities/28937