CVE-2006-3455

Name of the Vulnerable Software and Affected Versions Symantec AntiVirus Corporate Edition versions 8.1 through 9.0.3 Symantec Client Security versions 1.1 through 2.0.3

Description The issue allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function. This is related to the SAVRT.SYS device driver.

Recommendations For Symantec AntiVirus Corporate Edition versions 8.1 through 9.0.3, update to a version later than 9.0.3 to resolve the issue. For Symantec Client Security versions 1.1 through 2.0.3, update to a version later than 2.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the DeviceIOControl function until a patch is available.