Vulnerability Details CVE-2006-4855
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.5%
CVSS Severity
CVSS v2 Score 4.9
References
- http://secunia.com/advisories/21938
- http://securityreason.com/securityalert/1591
- http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html
- http://securitytracker.com/id?1016889
- http://securitytracker.com/id?1016892
- http://securitytracker.com/id?1016893
- http://securitytracker.com/id?1016894
- http://securitytracker.com/id?1016895
- http://securitytracker.com/id?1016896
- http://securitytracker.com/id?1016897
- http://securitytracker.com/id?1016898
- http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php
- http://www.securityfocus.com/archive/1/446111/100/0/threaded
- http://www.securityfocus.com/bid/20051
- http://www.vupen.com/english/advisories/2006/3636
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28960
- http://secunia.com/advisories/21938
- http://securityreason.com/securityalert/1591
- http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html
- http://securitytracker.com/id?1016889
- http://securitytracker.com/id?1016892
- http://securitytracker.com/id?1016893
- http://securitytracker.com/id?1016894
- http://securitytracker.com/id?1016895
- http://securitytracker.com/id?1016896
- http://securitytracker.com/id?1016897
- http://securitytracker.com/id?1016898
- http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php
- http://www.securityfocus.com/archive/1/446111/100/0/threaded
- http://www.securityfocus.com/bid/20051
- http://www.vupen.com/english/advisories/2006/3636
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28960
Products affected by CVE-2006-4855
-
cpe:2.3:a:symantec:client_security:1.0
-
cpe:2.3:a:symantec:client_security:1.0.0_b8.01.9378
-
cpe:2.3:a:symantec:client_security:1.0.1
-
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.425a
-
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.429c
-
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434
-
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437
-
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446
-
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457
-
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460
-
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464
-
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471
-
cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.501
-
cpe:2.3:a:symantec:client_security:1.0_build_8.01.9374
-
cpe:2.3:a:symantec:client_security:1.1
-
cpe:2.3:a:symantec:client_security:1.1.1
-
cpe:2.3:a:symantec:client_security:1.1.1_build_393
-
cpe:2.3:a:symantec:client_security:1.1.1_mr1_build_8.1.1.314a
-
cpe:2.3:a:symantec:client_security:1.1.1_mr2_build_8.1.1.319
-
cpe:2.3:a:symantec:client_security:1.1.1_mr3_build_8.1.1.323
-
cpe:2.3:a:symantec:client_security:1.1.1_mr4_build_8.1.1.329
-
cpe:2.3:a:symantec:client_security:1.1.1_mr5_build_8.1.1.336
-
cpe:2.3:a:symantec:client_security:1.1.1_mr6_b8.1.1.266
-
cpe:2.3:a:symantec:client_security:1.1_stm_b8.1.0.825a
-
cpe:2.3:a:symantec:client_security:2.0
-
cpe:2.3:a:symantec:client_security:2.0.1_build_9.0.1.1000
-
cpe:2.3:a:symantec:client_security:2.0.2_build_9.0.2.1000
-
cpe:2.3:a:symantec:client_security:2.0.3_build_9.0.3.1000
-
cpe:2.3:a:symantec:client_security:2.0.5_build_1100
-
cpe:2.3:a:symantec:client_security:2.0_scf_7.1
-
cpe:2.3:a:symantec:client_security:2.0_stm_build_9.0.0.338
-
cpe:2.3:a:symantec:client_security:3.0
-
cpe:2.3:a:symantec:client_security:3.1
-
cpe:2.3:a:symantec:host_ids:-
-
cpe:2.3:a:symantec:norton_antivirus:10.0
-
cpe:2.3:a:symantec:norton_antivirus:10.0.2.2000
-
cpe:2.3:a:symantec:norton_antivirus:10.0.2.2001
-
cpe:2.3:a:symantec:norton_antivirus:10.0.2.2002
-
cpe:2.3:a:symantec:norton_antivirus:10.0.2.2010
-
cpe:2.3:a:symantec:norton_antivirus:10.0.2.2011
-
cpe:2.3:a:symantec:norton_antivirus:10.0.2.2020
-
cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021
-
cpe:2.3:a:symantec:norton_antivirus:10.1
-
cpe:2.3:a:symantec:norton_antivirus:2.1
-
cpe:2.3:a:symantec:norton_antivirus:2003
-
cpe:2.3:a:symantec:norton_antivirus:2004
-
cpe:2.3:a:symantec:norton_antivirus:2005
-
cpe:2.3:a:symantec:norton_antivirus:2006
-
cpe:2.3:a:symantec:norton_antivirus:2007
-
cpe:2.3:a:symantec:norton_antivirus:8.0
-
cpe:2.3:a:symantec:norton_antivirus:8.0.1
-
cpe:2.3:a:symantec:norton_antivirus:8.0.1.425a
-
cpe:2.3:a:symantec:norton_antivirus:8.0.1.425c
-
cpe:2.3:a:symantec:norton_antivirus:8.0.1.501
-
cpe:2.3:a:symantec:norton_antivirus:8.0.1.9374
-
cpe:2.3:a:symantec:norton_antivirus:8.0.1.9378
-
cpe:2.3:a:symantec:norton_antivirus:8.01.434
-
cpe:2.3:a:symantec:norton_antivirus:8.01.437
-
cpe:2.3:a:symantec:norton_antivirus:8.01.446
-
cpe:2.3:a:symantec:norton_antivirus:8.01.457
-
cpe:2.3:a:symantec:norton_antivirus:8.01.460
-
cpe:2.3:a:symantec:norton_antivirus:8.01.464
-
cpe:2.3:a:symantec:norton_antivirus:8.01.471
-
cpe:2.3:a:symantec:norton_antivirus:8.1
-
cpe:2.3:a:symantec:norton_antivirus:8.1.0.825a
-
cpe:2.3:a:symantec:norton_antivirus:8.1.1
-
cpe:2.3:a:symantec:norton_antivirus:8.1.1.319
-
cpe:2.3:a:symantec:norton_antivirus:8.1.1.323
-
cpe:2.3:a:symantec:norton_antivirus:8.1.1.329
-
cpe:2.3:a:symantec:norton_antivirus:8.1.1.366
-
cpe:2.3:a:symantec:norton_antivirus:8.1.1.377
-
cpe:2.3:a:symantec:norton_antivirus:8.1.1_build393
-
cpe:2.3:a:symantec:norton_antivirus:8.1.1_build8.1.1.314a
-
cpe:2.3:a:symantec:norton_antivirus:9.0
-
cpe:2.3:a:symantec:norton_antivirus:9.0.0.338
-
cpe:2.3:a:symantec:norton_antivirus:9.0.1.1.1000
-
cpe:2.3:a:symantec:norton_antivirus:9.0.2.1000
-
cpe:2.3:a:symantec:norton_antivirus:9.0.3.1000
-
cpe:2.3:a:symantec:norton_antivirus:9.0.4
-
cpe:2.3:a:symantec:norton_antivirus:9.0.5
-
cpe:2.3:a:symantec:norton_antivirus:9.0.5.1100
-
cpe:2.3:a:symantec:norton_internet_security:2003
-
cpe:2.3:a:symantec:norton_internet_security:2004
-
cpe:2.3:a:symantec:norton_internet_security:2005
-
cpe:2.3:a:symantec:norton_internet_security:2006
-
cpe:2.3:a:symantec:norton_internet_security:2007
-
cpe:2.3:a:symantec:norton_personal_firewall:2003
-
cpe:2.3:a:symantec:norton_personal_firewall:2004
-
cpe:2.3:a:symantec:norton_personal_firewall:2005
-
cpe:2.3:a:symantec:norton_personal_firewall:2006
-
cpe:2.3:a:symantec:norton_system_works:2003_professional_edition
-
cpe:2.3:a:symantec:norton_system_works:2004
-
cpe:2.3:a:symantec:norton_system_works:2004_professional_edition
-
cpe:2.3:a:symantec:norton_system_works:2005
-
cpe:2.3:a:symantec:norton_system_works:2005_premier
-
cpe:2.3:a:symantec:norton_system_works:2006
-
cpe:2.3:a:symantec:pcanywhere:11.5