CVE-2006-4927

Name of the Vulnerable Software and Affected Versions Symantec AntiVirus versions 20061.3.0.12 and later

Description The issue allows local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions 0x222AD3, 0x222AD7, and 0x222ADB. This is related to the NAVENG and NAVEX15 device drivers.

Recommendations For versions 20061.3.0.12 and later, consider restricting access to the IOCTL functions 0x222AD3, 0x222AD7, and 0x222ADB to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.