CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
9.7%
The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.
Vendor | Product | Version | CPE |
---|---|---|---|
symantec | naveng_driver | * | cpe:2.3:a:symantec:naveng_driver:*:*:*:*:*:*:*:* |
symantec | navex15_driver | * | cpe:2.3:a:symantec:navex15_driver:*:*:*:*:*:*:*:* |
secunia.com/advisories/22288
securityreason.com/securityalert/1690
securitytracker.com/id?1016994
securitytracker.com/id?1016995
securitytracker.com/id?1016996
securitytracker.com/id?1016997
securitytracker.com/id?1016998
securitytracker.com/id?1016999
securitytracker.com/id?1017000
securitytracker.com/id?1017001
securitytracker.com/id?1017002
www.idefense.com/intelligence/vulnerabilities/display.php?id=417
www.kb.cert.org/vuls/id/946820
www.securityfocus.com/archive/1/447849/100/0/threaded
www.securityfocus.com/bid/20360
www.symantec.com/avcenter/security/Content/2006.10.05a.html
www.vupen.com/english/advisories/2006/3928
exchange.xforce.ibmcloud.com/vulnerabilities/29360