CVE-2006-4855

Name of the Vulnerable Software and Affected Versions Symantec Norton Personal Firewall versions 9.1.0.33 and other versions Symantec Internet Security (affected versions not specified) Symantec AntiVirus (affected versions not specified) Symantec SystemWorks (affected versions not specified) Symantec Client Security SCS versions 1.x through 3.1 Symantec AntiVirus Corporate Edition SAVCE versions 8.x through 10.1 Symantec pcAnywhere version 11.5 Symantec Host (affected versions not specified)

Description The issue allows local users to cause a denial of service, resulting in a system crash, by sending invalid data. This can be achieved by calling DeviceIoControl to send the data.

Recommendations For Symantec Norton Personal Firewall version 9.1.0.33, update to a version that fixes the issue. For Symantec Internet Security, update to a version that fixes the issue. For Symantec AntiVirus, update to a version that fixes the issue. For Symantec SystemWorks, update to a version that fixes the issue. For Symantec Client Security SCS versions 1.x through 3.1, update to a version later than 3.1. For Symantec AntiVirus Corporate Edition SAVCE versions 8.x through 10.1, update to a version later than 10.1. For Symantec pcAnywhere version 11.5, update to a version that fixes the issue. For Symantec Host, update to a version that fixes the issue.