CVE-2007-4648

Name of the Vulnerable Software and Affected Versions: Norman Virus Control version 5.82

Description: The issue concerns weak permissions in the nvcoaft51 driver, allowing local users to gain privileges. This can be achieved by either triggering a buffer overflow in a kernel pool via a string argument to ioctl "0xBF67201C" or by sending a crafted KEVENT structure through ioctl "0xBF672028" to overwrite arbitrary memory locations.

Recommendations: For Norman Virus Control version 5.82, consider restricting access to the nvcoaft51 driver to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the ioctls "0xBF67201C" and "0xBF672028" to prevent potential buffer overflows and memory overwrites.