APP: Symantec Antivirus Management Service Stack Overflow

This signature detects attempts to exploit a known vulnerability in the Symantec AntiVirus Management Service. Symantec AntiVirus versions 10.0.x and 10.1.x are vulnerable, as are Client Security 3.0.x and 3.1.x. A successful attack allows a remote attacker to gain control of the target as SYSTEM.

Extended Description

Multiple Symantec products are prone to a remote stack buffer-overflow vulnerability. This issue allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges, facilitating the complete compromise of affected computers. Symantec AntiVirus Corporate Edition 10.1 and Symantec Client Security 3.1 are currently known to be vulnerable to this issue. All supported platforms are affected, including Microsoft Windows and Novell NetWare.

Affected Products

Symantec client_security

Short Name: APP:SYMC:AV-MGT-SVC-BOF
Severity: Critical
Recommended: False
Recommended Action: Drop
Category: APP
Keywords: Antivirus CVE-2006-2630 Management Overflow Service Stack Symantec bid:18107
Release Date: 12/16/2006

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3728
Port: TCP/2967
False Positive: Unknown

Vendors

Symantec

CVSS Score

10.0
