Symantec real-time scan service buffer overflow

Added: 06/13/2006
CVE: CVE-2006-2630
BID: 18107
OSVDB: 25846

Background

Various Symantec products include a real-time virus scan service.

Problem

A buffer overflow in the real-time virus scan service allows remote attackers to execute arbitrary commands.

Resolution

Apply patch SYM06-010.

References

http://www.kb.cert.org/vuls/id/404910

Limitations

Exploit works on Symantec Client Security 3.0 with rtvscan.exe version 10.0.0.359. In order for the exploit to succeed, the Auto-Detect option and the Client Scan Log Forwarding option must be enabled. The Client Scan Log Forwarding option is enabled if the following registry value is 1:

Key: HKEY_LOCAL_MACHINE\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\ForwardScan
Value: NTCommonConfiguration = 1

Platforms

Windows
Windows Server 2003

Back to exploit index