Lucene search

[email protected]CVE-2003-1310

HistoryNov 30, 2006 - 4:00 p.m.

CVE-2003-1310

2006-11-3016:00:00

[email protected]

web.nvd.nist.gov

deviceiocontrol function

norton device driver

navap.sys

symantec norton antivirus 2002

cve-2003-1310

device driver attack

memory overwrite

local privilege escalation

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka “Device Driver Attack”).

Affected configurations

NVD

Node

symantecnorton_antivirusMatch2002

symantecnorton_antivirusMatch2003

CPENameOperatorVersion
symantec:norton_antivirussymantec norton antiviruseq2002
symantec:norton_antivirussymantec norton antiviruseq2003

CPE	Name	Operator	Version
symantec:norton_antivirus	symantec norton antivirus	eq	2002
symantec:norton_antivirus	symantec norton antivirus	eq	2003

References

sec-labs.hack.pl/papers/win32ddc.php

secunia.com/advisories/9460

www.osvdb.org/4362

www.securityfocus.com/bid/8329

exchange.xforce.ibmcloud.com/vulnerabilities/12824

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2003-1310

cvelist1 nvd1