PT-2006-5677 · Symantec · Symantec Antivirus

Ruben Santamarta

Published

2006-10-05

Updated

2018-10-17

CVE-2006-4927

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Symantec AntiVirus versions 20061.3.0.12 and later

Description The issue allows local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions 0x222AD3, 0x222AD7, and 0x222ADB. This is related to the NAVENG and NAVEX15 device drivers.

Recommendations For versions 20061.3.0.12 and later, consider restricting access to the IOCTL functions 0x222AD3, 0x222AD7, and 0x222ADB to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4927

Affected Products

Symantec Antivirus

PT-2006-5677 · Symantec · Symantec Antivirus

CVE-2006-4927

Related Identifiers

Affected Products

References · 21