Computer Security
[EN] securityvulns.ru no-pyccku


Symantec Norton Personal Firewall / Norton Internet Security buffer overflow
updated since 18.09.2006
Published:15.03.2007
Source:
SecurityVulns ID:6623
Type:local
Threat Level:
5/10
Description:\Device\SymEvent driver interface buffer overflow.
Affected:SYMANTEC : Norton Personal Firewall 2006
 SYMANTEC : Norton Internet Security 2006
CVE:CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855.)
 CVE-2007-1476 (The SymTDI driver in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, and possibly Norton Internet Security 2006 and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.)
 CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.)
Original documentdocumentMatousec - Transparent security Research, [Full-disclosure] Norton Insufficient validation of 'SymTDI' driver input buffer (15.03.2007)
 documentMatousec - Transparent security Research, SymEvent Driver Local Access System Denial of Service (14.03.2007)
 documentDavid Matousek, Symantec Norton Insufficient validation of 'SymEvent' driver input buffer (18.09.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod