CyberSec.Space Logo
Back to CVE Browser

CVE-2006-0230

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile40.24th
PublishedApr 25, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.

Affected Platforms (CPE)

πŸ“¦
Symantec

Antivirus Scan Engine

= 5.0.0.24

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0010.html
πŸ”— http://secunia.com/advisories/19734
πŸ”— http://www.kb.cert.org/vuls/id/118388
πŸ”— http://www.securityfocus.com/archive/1/431724/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/431734/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/17637
πŸ”— http://www.symantec.com/avcenter/security/Content/2006.04.21.html
πŸ”— http://www.vupen.com/english/advisories/2006/1464

Related Vulnerabilities

CVE-2005-275810.0

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to...

CVE-2012-49539.3

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symant...

CVE-2018-122387.8

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Busin...

CVE-2025-101017.8

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Mach-O file may allow Local Execution of...