Vulnerability in Symantec Antivirus_scan_engine
CVE-2006-0230
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
EPSS: 0.161 (96.5th percentile) — read the EPSS interpretation.
Affected products
- Symantec Antivirus_scan_engine — versions 5.0.0.24
- N/a — versions n/a
References
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (Vendor Advisory, mailing-list, x_refsource_VULNWATCH, Exploit, Patch)
- cve@mitre.org (US Government Resource, x_refsource_CERT-VN, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)