CVE-2007-1793

Name of the Vulnerable Software and Affected Versions: Symantec Norton Personal Firewall versions 9.1.0.33 through 9.1.1.7 Symantec Norton Internet Security versions prior to 15.0.0.60

Description: The issue allows local users to cause a denial of service or possibly execute arbitrary code via crafted arguments to the NtCreateMutant and NtOpenEvent functions. This is due to the SPBBCDrv.sys driver not validating certain arguments before passing them to hooked SSDT function handlers.

Recommendations: For Symantec Norton Personal Firewall versions 9.1.0.33 and 9.1.1.7, consider updating to a version later than 9.1.1.7 to resolve the issue. For Symantec Norton Internet Security versions prior to 15.0.0.60, update to version 15.0.0.60 or later to fix the problem. As a temporary workaround, consider restricting access to the NtCreateMutant and NtOpenEvent functions until a patch is available.