Signature Detail

APP: Symantec Antivirus Management Service Stack Overflow

This signature detects attempts to exploit a known vulnerability against Symantec Antivirus Management Service. Symantec Antivirus Versions 10.0.x and 10.1.x are vulnerable as well as Client Security 3.0.x and 3.1.x. A successful attack allows attackers to remotely gain control of the target as SYSTEM.

Extended Description

Multiple Symantec products are prone to a remote stack buffer-overflow vulnerability. This issue allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges, facilitating the complete compromise of affected computers. Symantec AntiVirus Corporate Edition 10.1 and Symantec Client Security 3.1 are currently known to be vulnerable to this issue. All supported platforms are affected including Microsoft Windows and Novell Netware.

Affected Products

• Symantec AntiVirus Corporate Edition 10.0.0
• Symantec AntiVirus Corporate Edition 10.0.2.2000
• Symantec AntiVirus Corporate Edition 10.0.2 .2001
• Symantec AntiVirus Corporate Edition 10.0.2.2010
• Symantec AntiVirus Corporate Edition 10.0.2.2020
• Symantec AntiVirus Corporate Edition 10.1
• Symantec AntiVirus Corporate Edition 10.1.0.394
• Symantec AntiVirus Corporate Edition 10.1.0.400
• Symantec Client Security 3.0.0
• Symantec Client Security 3.0.2.2000
• Symantec Client Security 3.0.2.2001
• Symantec Client Security 3.0.2.2010
• Symantec Client Security 3.0.2.2020
• Symantec Client Security 3.1
• Symantec Client Security 3.1.0.394
• Symantec Client Security 3.1.0.400

References

• BugTraq: 18107
• CVE: CVE-2006-2630
• URL: http://www.symantec.com/avcenter/security/Content/2006.05.25.html
• URL: http://research.eeye.com/html/advisories/published/AD20060612.html