Symantec AntiVirus Remote Stack Buffer Overflow Vulnerability

BID:18107

CVE-2006-2630

Info

Bugtraq ID: 18107
Class: Boundary Condition Error
CVE: CVE-2006-2630
Remote: Yes
Local: Yes
Published: May 24 2006 12:00AM
Updated: Nov 01 2007 04:26PM
Credit: Derek Soeder is credited with the discovery of this vulnerability.
Vulnerable:
Symantec Client Security 3.1 .400
Symantec Client Security 3.1 .394
Symantec Client Security 3.0.2 .2020
Symantec Client Security 3.0.2 .2010
Symantec Client Security 3.0.2 .2001
Symantec Client Security 3.0.2 .2000
Symantec Client Security 3.0
Symantec Client Security 3.1
Symantec AntiVirus Corporate Edition 10.1 .400
Symantec AntiVirus Corporate Edition 10.1 .394
Symantec AntiVirus Corporate Edition 10.0.2 .2020
Symantec AntiVirus Corporate Edition 10.0.2 .2010
Symantec AntiVirus Corporate Edition 10.0.2 .2001
Symantec AntiVirus Corporate Edition 10.0.2 .2000
Symantec AntiVirus Corporate Edition 10.0
Symantec AntiVirus Corporate Edition 10.1
Not Vulnerable:
Symantec Client Security 3.1 .401
Symantec Client Security 3.1 .396
Symantec Client Security 3.0.2 .2021
Symantec Client Security 3.0.2 .2011
Symantec Client Security 3.0.2 .2002
Symantec Client Security 2.0.3 MR3 b9.0.3.1000
Symantec Client Security 2.0.2 MR2 b9.0.2.1000
Symantec Client Security 2.0.1 MR1 b9.0.1.1000
Symantec Client Security 2.0 STM build 9.0.0.338
Symantec Client Security 2.0 (SCF 7.1)
Symantec Client Security 2.0
Symantec Client Security 1.1.1 MR5 build 8.1.1.336
Symantec Client Security 1.1.1 MR4 build 8.1.1.329
Symantec Client Security 1.1.1 MR3 build 8.1.1.323
Symantec Client Security 1.1.1 MR2 build 8.1.1.319
Symantec Client Security 1.1.1 MR1 build 8.1.1.314a
Symantec Client Security 1.1.1 MR6 b8.1.1.266
Symantec Client Security 1.1.1
Symantec Client Security 1.1 STM b8.1.0.825a
Symantec Client Security 1.1
Symantec Client Security 1.0.1 MR8 build 8.01.471
Symantec Client Security 1.0.1 MR7 build 8.01.464
Symantec Client Security 1.0.1 MR6 build 8.01.460
Symantec Client Security 1.0.1 MR5 build 8.01.457
Symantec Client Security 1.0.1 MR4 build 8.01.446
Symantec Client Security 1.0.1 MR3 build 8.01.434
Symantec Client Security 1.0.1 build 8.01.437
Symantec Client Security 1.0.1 MR9 b8.01.501
Symantec Client Security 1.0.1 MR2 b8.01.429c
Symantec Client Security 1.0.1 MR1 b8.01.425a/b
Symantec Client Security 1.0.1
Symantec Client Security 1.0 .0 b8.01.9378
Symantec Client Security 1.0 b8.01.9374
Symantec Client Security 1.0
Symantec AntiVirus Corporate Edition 10.1 .401
Symantec AntiVirus Corporate Edition 10.1 .396
Symantec AntiVirus Corporate Edition 10.0.2 .2021
Symantec AntiVirus Corporate Edition 10.0.2 .2011
Symantec AntiVirus Corporate Edition 10.0.2 .2002
Symantec AntiVirus Corporate Edition 9.0.4
Symantec AntiVirus Corporate Edition 9.0.3 .1000
Symantec AntiVirus Corporate Edition 9.0.2 .1000
Symantec AntiVirus Corporate Edition 9.0.1 .1.1000
Symantec AntiVirus Corporate Edition 9.0 .0.338
Symantec AntiVirus Corporate Edition 9.0
Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.329
Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.323
Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.319
Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.314a
Symantec AntiVirus Corporate Edition 8.1.1 .377
Symantec AntiVirus Corporate Edition 8.1.1 .366
Symantec AntiVirus Corporate Edition 8.1.1
Symantec AntiVirus Corporate Edition 8.1 build 8.01.471
Symantec AntiVirus Corporate Edition 8.1 build 8.01.464
Symantec AntiVirus Corporate Edition 8.1 build 8.01.460
Symantec AntiVirus Corporate Edition 8.1 build 8.01.457
Symantec AntiVirus Corporate Edition 8.1 build 8.01.446
Symantec AntiVirus Corporate Edition 8.1 build 8.01.437
Symantec AntiVirus Corporate Edition 8.1 build 8.01.434
Symantec AntiVirus Corporate Edition 8.1 .0.825a
Symantec AntiVirus Corporate Edition 8.1
Symantec AntiVirus Corporate Edition 8.0 1.9378
Symantec AntiVirus Corporate Edition 8.0 1.9374
Symantec AntiVirus Corporate Edition 8.0 1.501
Symantec AntiVirus Corporate Edition 8.0 1.429c
Symantec AntiVirus Corporate Edition 8.0 1.425a/b
Symantec AntiVirus Corporate Edition 8.0 1
Symantec AntiVirus Corporate Edition 8.0

Discussion

Multiple Symantec products are prone to a remote stack buffer-overflow vulnerability.

This issue allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

Symantec AntiVirus Corporate Edition 10.1 and Symantec Client Security 3.1 are currently known to be vulnerable to this issue. All supported platforms are affected, including Microsoft Windows and Novell NetWare.

Exploit / POC

Reports indicate that the worms 'W32.Spybot.ACYR' and 'W32.Spybot.AMTE' may be exploiting this issue in the wild.

An exploit is available to members of the Immunity Partner's program:

https://www.immunityinc.com/downloads/immpartners/symantec_rm.tar

This issue is actively being exploited in the wild by 'W32.Sagevo'. A recent spike of exploit activity is also reported.

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

Solution / Fix

Solution:
Symantec has released an advisory with more information regarding this issue.

Fixes for all supported platforms, including Microsoft Windows and Novell NetWare, are available from the following URI:

http://www.symantec.com/techsupp/enterprise/select_product_updates.html

Fixes for localized versions are available from the following URI:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2006052609181248

NOTE: Given the recent spike in exploit activity in the wild by 'W32.Sagevo', customers running vulnerable versions of the affected software should install fixes as soon as possible.


